Beware of Fake Weaponized Coronavirus Maps that Steal Your Login Credentials

Cybercriminals are using the Coronavirus pandemic to distribute malware and steal user login credentials.

Attackers use malware disguised as a “Coronavirus map” to infect users and take complete control of the system.

Fake Coronavirus Map

Security researchers from Reason Labs observed a new campaign using the information-stealing AZORult malware, dubbed “Coronavirus map.”

The AZORult malware is known for its information-stealing capabilities. It was first observed in 2016, and it also acts as a downloader.

Once the malware is executed on the victim’s machine, it exfiltrates sensitive data. The malware generates a unique ID for every system it infects.

It steals credentials such as user names, passwords, credit card numbers, history, cookies, and other sensitive information stored in the browser.

As the Coronavirus spreads rapidly, attackers have started using its popularity to infect victims.

Coronavirus map

Once the malware is installed on the system, it presents a GUI that makes everyone believe it is an original map. When opened, the malware shows a GUI window that loads the information from the web.

“The malware uses a few layers of packing as well as a multi-sub-process technique to make research more difficult,” reads the blog post.

The malware conducts a password-stealing operation against the installed browser and creates a list called “PasswordList.txt”, which stores all the password information.

It is capable of stealing information from all browsers, email clients, and cryptocurrency wallets. The following information is shared with the C2 server:

  • Basic victim’s computer information.
  • Password information
  • Domain name lists
  • Auto-complete, cookies, and browsing history of web browser
  • C2 command result
  • Infected host IP address information
  • Screenshots of the victim host
  • Detailed system information

Users are recommended not to click on executable files and to be wary of the attachments they receive.

Guru Baran
