Cybercriminals are piggybacking off Coronavirus concerns to distribute malware to unsuspecting users. Various security researchers have observed various attacks in the past few weeks, from email campaigns to spear phishing and now live map tools.
KrebsonSecurity reports that a member of Russian hacking forums began selling a malicious version of John Hopkins University's Coronavirus dashboard. The $700 kit features a Java-based malware deployment scheme that leaves the user unaware.
“It loads [a] fully working online map of Corona Virus infected areas and other data,” said the seller, according to Krebs. “Map is resizable, interactive, and has real time data from World Health Organization and other sources. Users will think that PreLoader is actually a map, so they will open it and will spread it to their friends and it goes viral!”
Numerous dangerous Coronavirus domains have cropped up in the past week, including coronavirus-map.com and coronavirus.zone. One application download for a map app has been founding using AZORult, a dangerous credential stealer that steals login data.
“To be clear, the online map posted by Johns Hopkins University at https://coronavirus.jhu.edu/map.html does NOT contain any malware (and NEVER contained malware). This popular dashboard web application is hosted by Esri as part of our ArcGIS Online offering,” said John Hopkins in response. “The confusion comes from an issue where a malicious person created a downloadable Windows-based application containing malware whose display is practically identical to the Johns Hopkins Coronavirus browser-based dashboard.”
We'll undoubtedly see more of these as the pandemic spreads, and they're likely to be even more effective. As a result, users should make sure they trust the website they're clicking on, even while caught up in all the drama.