Researchers from Reason Labs reported that attackers are designing websites that display updated maps of the spread of Coronavirus. The websites prompt viewers to download and run a Windows application to keep up to date on the latest information, but the software actually installs the AZOrult malware to steal passwords, credit card numbers, and other data from infected computers. The malware also installs additional malware and creates a hidden backdoor account that attackers can use to access the computer. According to researchers at Check Point, over 50% of websites related to Coronavirus are designed to install malware on victim computers.
Attackers often take advantage of world events and situations that cause fear to create convincing lures that motivate victims to take unsafe actions such as opening files attached to a phishing email message, download software from a website, or enter a password on a fake login page. It is important to educate employees about the dangers of installing software from untrusted websites. Keeping anti-virus up to date is a good preventative measure to protect against many common malware threats. Corporate workstations should also put in place additional protections, such as web filtering for new websites pretending to give information about Coronavirus and Endpoint Detection and Response (EDR) software to detect threats that anti-virus doesn’t catch.
For more information, please see: