Malicious websites posing as credible sources of information on the Coronavirus-19 are circulating. PLEASE double-check the validity and reliability of the websites you visit. This also applies to attachments!
One website in particular poses as the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University and is circulating on the internet, waiting for unwitting users to visit it. Visiting the website infects the user with the AZORult Trojan, an information-stealing program which can exfiltrate a variety of sensitive data.
It is likely being spread via infected email attachments and malicious online advertisements, and anyone searching the internet for a Coronavirus map could unwittingly navigate to this malicious website.
VALID JOHNS HOPKINS CORONAVIRUS LIVE MAP
Figure 1. Screenshot of the malicious website "Corona-Virus-Map[dot]com" pretending to be a legitimate COVID-19 tracker.
Figure 2. Screenshot of a Google search for the page mentioned above.
Recommendations
End users should be warned about this cybersecurity risk and security teams should blacklist any indicators associated with this specific threat. IOCs and Analysis may be found here: https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
References
- Reason Labs. (March 9, 2020). COVID-19, Info Stealer & the Map of Threats – Threat Analysis Report. Reasonsecurity.com. Accessed 10 March 2020 at https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
- Fake Online Coronavirus Map Delivers Well-known Malware. Health Sector Cybersecurity Coordination Center (HC3).
- Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients publication. https://healthsectorcouncil.org/hhs-and-hscc-release-voluntary-cybersecurity-practices-for-the-health-industry/
Good Email Attachment Hygiene
- Only open email attachments that are expected and that come from a trusted source
- Use Internet security software that will automatically scan email attachments for malware and viruses
- Delete any messages and attachments you aren’t sure about without opening them
- What type of file is it? Avoid opening executable files (.exe)
- You should check the file type of any attachment before opening it. Malware and viruses can be hidden in files with the following file extensions:
.ade, .adp, .asf, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .mov, .msc, .msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shs, .swf, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh
Even Microsoft Office documents (.docx, .xlsx, and .pptx) and PDFs can contain malicious links and macros that can download malware onto your mobile or computer.
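One way a mail filter or help-desk script could apply the extension list above, as an added example that is not part of the original advisory: it parses a message and judges each attachment by its final extension, ignoring case and trailing dots or spaces. The function names, the block/review/allow verdicts and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Extensions listed in the advisory above.
RISKY = frozenset(
    "ade adp asf bas bat chm cmd com cpl crt exe hlp hta inf ins isp js jse lnk mdb "
    "mde mov msc msi msp mst pcd pif reg scr sct shs swf url vb vbe vbs wsc wsf wsh".split())
# Office and PDF files can carry malicious links or macros: scan before opening.
REVIEW = frozenset({"docx", "xlsx", "pptx", "pdf"})

def classify(filename):
    """Return 'block', 'review' or 'allow' for one attachment name (assumed labels)."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    name = filename.strip().rstrip(". ").lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in RISKY:  # the last extension decides, so map.pdf.exe is caught
        return "block"
    return "review" if ext in REVIEW else "allow"

def scan_message(raw):
    """Return {filename: verdict} for each attachment in a raw email message."""
    verdicts = {}
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        if filename:
            verdicts[filename] = classify(filename)
    return verdicts

# Constructed sample message, not taken from any real campaign.
SAMPLE = """\
From: sender@example.com
Subject: Coronavirus map
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Corona-Map.pdf.EXE"

AAAA
--XYZ
Content-Type: application/pdf
Content-Disposition: attachment; filename="notice.pdf"

AAAA
--XYZ--
"""

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE).items():
        print(f"{verdict:7} {name}")
```

An extension check only reads the name the sender chose, so it complements the malware scanning recommended above and does not replace it.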