The MalwareHunterTeam has identified another attack that is using the Corona Virus as a way to trick people into downloading malicious software. They identified the site “antivirus-covid19[.]site” that pretends to provide anti-virus software for a donation. If someone clicks the donation link, they are redirected to antivirus-covid19[.]site/update.exe (which has been taken down) that will deploy the BlackNet malware onto their systems if launched. This malware allows attackers to remotely control the infected device.
Analyst Notes
Attackers will use any tactic they can to infect systems with their malicious payloads. Individuals, especially when working remotely, should be on the lookout for scams. When looking up information on COVID19, users should look at only trusted news sites and if downloads are advertised, they should be treated as suspicious. No legitimate COVID19 information website should require downloading and running an executable file. While employees are working remotely, organizations should protect their endpoints with the use of Endpoint Detection and Response (EDR) software, especially if it is not possible to monitor network traffic for remote workers. Managed security services such as the Binary Defense Security Operation Center monitor endpoints 24 hours a day, 7 days a week to detect malicious programs and stop them before they can do damage.
To read more: https://www.bleepingcomputer.com/news/security/fake-corona-antivirus-software-used-to-install-backdoor-malware/