Cyber criminals will stop at nothing to exploit internet users even take advantage of the widespread COVID-19 panic.
In a recent threat analysis report cybersecurity detailed a new attack taking advantage of peoples desire for information on the coronavirus that is wrecking havoc worldwide. The malware is targeting those looking for cartographic representation of the COVID-19 spread, if the users downloads and runs the application it seems to just bring up a map loaded from a legitimate source but in the background is compromising the computer.
New threat, old virus
This latest threat was first spotted by MalwareHunterTeam last week and has now been analyzed at Reason Labs. It involves a malware identified as AZORult, a malicious information stealing software first discovered in 2016. The software mainly collects information from web browsers which can give access to credit cards, login details and various other sensitive information.
AZORult is reportedly discussed in Russian underground forums as a tool for gathering sensitive data from computers and can even generate a hidden administrator account in infected computers to enable connections via the remote desktop protocol.
Signs of infection
Executing the software will result in the creation of duplicate files and multiple corona.exe, bin.exe and window.globalization.fontgroups.exe files. Additionally, the malware will modify of registers under ZoneMap and LanguageList. Several mutexes are also created.
Execution of the malware will activate the created files as they attempt to connect to several URLs. These processes and URLs are only a sample of what the attack entails. There are many other files generated and processes initiated to create various network communication activities as it tries to gather as much information as possible.
Cure and prevention
As the coronavirus continues to grow you shouldn't have to worry about digital viruses so why not leave it to the experts. We can make recommendations on what systems to use to improve your cybersecurity and what you should avoid to stay safe online, so call us today at 01642 248 750 or message us at email@example.com for more information on how we can keep you safe online.