Scammers are using fear around the coronavirus epidemic to spread malware via malicious email attachments, phishing messages and even a virus map
Security researchers have uncovered a malware scheme hidden behind a world map of coronavirus cases, as scammers look to take advantage of fear around the epidemic.
Last month researchers uncovered a number of email-based scams using the coronavirus as bait, but the latest malware is unusual in that it lies in wait on a website and doesn’t rely on email spam to lure potential victims.
The malware, with the filename corona.exe, hides in a website that supposedly shows updated coronavirus cases on a global map, Malwarebytes said.
Payment cards swiped
The corona.exe file attempts to install itself on the systems of those visiting the site in order to steal logins and payment card information.
The malware is a variant of AzorUlt, a family of spyware that steals information and sometimes downloads additional malware, Malwarebytes said.
As a result, the company first named the malware Trojan.Corona, but later renamed it Spyware.AzorUlt.
“Unlike similar coronavirus scams we discovered last month, this threat does not rely on an email campaign,” the company said in an advisory.
Last month researchers warned of several malware campaigns specifically leveraging the fear around the worldwide coronavirus outbreak, including a campaign in Japan that included malicious Word documents allegedly containing information about coronavirus prevention.
Malware embedded in PDFs, MP4s and Docx files also circulated online, with titles alluding to virus protection tips.
The company spotted phishing emails that supposedly came from the US Centres for Disease Control and Prevention (CDC), while another scam directed users to a fake donation page to help support government and medical research.
“All of these threats rely on the same dangerous intersection of misinformation and panic — a classic and grotesque cybercrime tactic,” Malwarebytes said.
The company advised users not to click on links in dubious emails and not to donate to causes they have not already vetted outside their email client.