Malware attacks with coronavirus map - Hacker School

Spreading faster than CORONA

May 02, 2021

If you are following the new coronavirus pandemic (COVID-19) with concern, beware: you are a potential victim of new malware circulating online that attacks computers.

Yes, you heard that right. As always, hackers are using a hugely popular topic as their weapon of choice to compromise digital assets. It works like any other social engineering attack: attackers observe trends, work out what users want most, and deliver malware under the guise of serving people in need. A naive user is more likely to fall for the trick, take the bait and execute the malicious binaries or executables. Games and software cracks are always hackers' number one choice. Offer a tool that lets victims use paid software for free, such as a Windows operating system crack or a Microsoft Office crack, attach malicious software to it, and most innocent victims will disable their defence mechanisms and install the program, which lets attackers take control of the victim's device.

This is exactly what is happening now. COVID-19 has made people so desperate that attackers are taking advantage of the situation to compromise victims. A program called “coronavirus map” is supposed to tell the users who install it how many confirmed cases there are in each country, so that they can see which countries are safe and how safe the country they currently live in is. It turns out to be nothing but another way hackers have found to compromise more devices.

At the time of writing this article, we were not able to access the site; perhaps it was taken down because of its malicious activity.

Researchers at MalwareHunterTeam generously provided the malicious installer's hash: f850f746f1a5f52d3de1cbbc510b578899fc8f9db17df7b30e1f9967beb0cf71. If you may have downloaded and installed such a file, check it against the hash given above to confirm whether you have executed known malware. This again shows how many internet users, with and without a technical background, are becoming pawns in the hackers' game; malicious hackers will leave no stone unturned to compromise an unsuspecting victim.

Precautions to avoid social engineering attacks:

  • Do not open emails or email attachments from unknown senders.
  • Always check and confirm the hash of an executable before executing it.
  • Do not download executables, or any other files, from unknown sources.
  • If you are unsure about the security status of an executable, run it in a sandboxed environment to avoid spread.
  • If you must execute a suspicious or confirmed malware executable, whether because you are unsure about it or have no other choice (perhaps for malware analysis purposes), run it in a VM with a NAT adapter.
  • If something seems too good to be true, it probably is not good, so do not fall for malicious hackers' traps.
  • Buy legitimate software only from a legitimate seller, not from third-party sources.
  • Official sellers have a method to authenticate themselves and their products; use it to check the seller's authenticity before handing over your credit card details.
  • Use virtual credit cards (like privacy.com), if you can, to avoid trouble related to credit card fraud.
  • Do not fill in your details on unnecessary online forms; most of them may use that information intrusively.
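
One way to carry out the hash check described above, as an added example that is not part of the original article: a Python script that hashes every file under a folder and reports any that match the installer hash quoted earlier. It assumes the 64-character hash is SHA-256 and that downloads live in ~/Downloads; the function names are illustrative.

```python
import hashlib
import os
import sys

# Hash published on this page (64 hex characters, so assumed to be SHA-256).
KNOWN_BAD = {"f850f746f1a5f52d3de1cbbc510b578899fc8f9db17df7b30e1f9967beb0cf71"}


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalise(hashes):
    """Lower-case and validate hashes copied from advisories or tweets."""
    cleaned = set()
    for h in hashes:
        h = h.strip().lower()
        if len(h) != 64 or any(c not in "0123456789abcdef" for c in h):
            raise ValueError(f"not a SHA-256 hex digest: {h!r}")
        cleaned.add(h)
    return cleaned


def scan(root, known_bad=KNOWN_BAD):
    """Return (matches, unreadable) for every file found under root."""
    bad = normalise(known_bad)
    matches, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if sha256_file(path) in bad:
                    matches.append(path)
            except OSError:
                unreadable.append(path)  # locked, broken link or no permission
    return matches, unreadable


if __name__ == "__main__":
    # Folder from the command line, else ~/Downloads (assumed location).
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Downloads")
    hits, skipped = scan(target)
    for p in hits:
        print("KNOWN MALWARE:", p)
    print(f"{len(hits)} match(es), {len(skipped)} unreadable under {target}")
```

A match confirms the known sample is on disk. No match only means this exact file is absent, because a repacked or modified installer has a different hash.
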

References:

Researchers at MalwareHunterTeam found this behaviour and tweeted the following.

https://twitter.com/malwrhunterteam/status/1234850871936274435