As corona virus threatens to become a global pandemic, everyone’s keeping a close eye on how it’s spreading across the world. Several organizations have made dashboards to keep track of COVID-19. But now, hackers have found a way to use these dashboards to inject malware into computers.
Shai Alfasi, a security researcher at Reason Labs, found that hackers are using these maps to steal information of users including user names, passwords, credit card numbers, and other info stored in your browser.
Attackers design websites related to corona virus in order to prompt you to download an application to keep you updated on the situation. This application doesn’t need any installation, and shows you a map of how COVID-19 is spreading. However, it is a front for attackers to generate a malicious binary file and install it on your computer.
Just to be clear, these websites pose as genuine maps for tracking coronavirus, but have a different URL or different details from the original source.
Currently, the malware only affects Windows machines. But Alfasi expects attackers to work on a new version that might affect other systems too.
Alfasi noted that this method used malicious software known as AZORult, which was first found in 2016. The software is made to steal data from your computer and infect it with other malware as well.
The researcher noted that AZORult can steal info from your computer including passwords and cryptocurrencies:
It is used to steal browsing history, cookies, ID/passwords, cryptocurrency and more. It can also download additional malware onto infected machines. AZORult is commonly sold on Russian underground forums for the purpose of collecting sensitive data from an infected computer.
A new variant of AZORult installs a secret admin account on your computer to perform remote attacks.
Earlier this month, research from security firm Check Point noted that coronavirus related domains are 50 percent more likely to install malware in your system.
While it’s important to gain information regarding corona virus, you should only use verified dashboards to keep a tab on it to avoid getting hacked.