Cybercriminals, as always, “keep their finger on the pulse” and follow the global trends, Xakep reports. If earlier attackers did not hesitate to use information about terrorist attacks and disasters for their own purposes, now they are actively exploiting the topic of the coronavirus pandemic. Users are lured to malicious sites and tricked into downloading malware using topical spam and even fake COVID-19 distribution cards.
Company Reason Cybersecurity in his blog published an analysis of the threats that carries the malware embedded in the file, usually called Corona-virus-Map.com.exe, about 3.26 MB.
Double-clicking on the file opens a coronavirus distribution map similar to the one developed at Johns Hopkins University of America for the purpose of visualizing and tracking coronavirus cases in real time.
The fake card contains AZORult malware designed to steal information. AZORult steals data from browsers, in particular cookies, browsing history, user IDs, passwords and cryptocurrency-related information.
In turn, ZDNet reports that government hack groups from China (Mustang Panda and Vicious Panda groups), North Korea (Kimsuky grouping) and Russia (Hades group associated with APT28) did not ignore the topic of the pandemic. So, back in February, the coronavirus became a phishing bait and now spam containing malicious documents or links allegedly dedicated to COVID-19 is used to attack the Ministry of Health of Ukraine, South Korean officials and government organizations of Mongolia.
