
Topic: Be careful downloading COVID-19 map spread, it contains info stealing crypto (Read 251 times)

hero member
Activity: 2254
Merit: 831
I expected someone would take advantage of the pandemic sooner or later. Coronavirus or not, it doesn't mean we should let our guard down. As a matter of fact, we should be even more cautious. I have never visited the site, nor do I see a reason why to do it. I get all the info I need locally and it doesn't really help seeing the world map covered in red alerts.   
I agree with you. Raw figures of infected, recovered, deaths, and critical cases are more than enough to elaborate situations of the pandemic in local areas or nations. I don't see much sense to look at the weighted-red dot map for the world, just to get a raw overview on how serious the pandemic is over the globe.

If we take into consideration of risks from strange sites and unknown elements behind, we should be much more careful.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
I expected someone would take advantage of the pandemic sooner or later. Coronavirus or not, it doesn't mean we should let our guard down. As a matter of fact, we should be even more cautious. I have never visited the site, nor do I see a reason why to do it. I get all the info I need locally and it doesn't really help seeing the world map covered in red alerts.   
copper member
Activity: 658
Merit: 402
It's not surprising to see people taking advantage of the circumstance because they are aware that people will easily click the bait if it's pertaining to the virus. We should be fastidious before clicking any link because hackers can simply access your personal and financial information. They should be mindful that hackers use several ways to steal information. It is a lot better to do research than rely on any link shared by other people to acquire information. And, thank you for sharing this kind of information.
newbie
Activity: 4
Merit: 0
Man, the malice and lengths people will go to in order to make a quick buck know no bounds. Pretty easy to avoid these hackers, though. Don't open emails from obvious spammers, delete and report any emails that look suspicious. Sadly there are millions of users who lack what should be common wisdom by now, they are bound to get infected and lose a lot of money.
hero member
Activity: 2842
Merit: 625
I don't open attachments if some stranger sends me an email requiring to open the attached file. And these scammers, where the heck they're getting all the emails?

Always watch out your browsing so that you will not end up to alike websites.

Thanks for the heads up!
legendary
Activity: 2296
Merit: 10753
There are lies, damned lies and statistics. MTwain
<...> Strange, since I've visited that website quite a big number of times.
I interpreted there is no issue with the site itself, but rather with the virus conceptually piggybacking on the site's reputation and information as bait, but being spread through other means (i.e. not by accessing the site itself). This seems to be aligned with what I thought: https://www.world-today-news.com/corona-virus-card-on-the-net-steals-passwords/

Quote
Interactive map as a decoy

Reason cybersecurity reports on the current case in which an interactive map showing the spread of COVID-19 acts as a trap.
The malware hidden in it disguises itself as a “corona virus map”. This is sent by mail or via messenger services. You can also find them as download links on websites. The file is usually called “Corona-virus-Map.com.exe” or “CoronaMap.exe” and is 3.26 MB in size.
<...>
If you open the file, the expected information – Coronavirus diseases in real time – is displayed. The data for this are taken from a reputable source, namely from John Hopkins University, which is one of them real interactive map provides. This is harmless and not infected with the malware.
<...>
legendary
Activity: 3500
Merit: 6205
Update: after more than 2h spent scanning my system, Kaspersky Rescue Disk 18 has found nothing.
I didn't install anything by hand, and it looks like the website gisanddata[.]maps[.]arcgis[.]com also didn't. (The website itself is also seen as clean by Virustotal.)

Strange, since I've visited that website quite a big number of times.
legendary
Activity: 1134
Merit: 1597
Wow. As if what the world's going through with this virus pandemic wasn't enough. The last thing someone would want to happen is to have their funds stolen..

Great finding. Always keep an eye on what you're downloading. You may be unloading a little crypto trojan horse into your computer and I'm sure you do not want that.
legendary
Activity: 2212
Merit: 1947
~snip~

Thank you for sharing the information. Recently, people have become increasingly sophisticated in disguising and distributing malicious software. The creator of the malware is well aware that the whole world is monitoring the situation around the spread of coronavirus and using it for its own selfish purposes.
member
Activity: 322
Merit: 10
I'm not surprised, I got a message from my bank today and they are warning account owners about scammers using coronavirus to spread crypto-stealing malware. If you see one, do not click on the link.
hero member
Activity: 2268
Merit: 669
I'll still consider this a threat. The one who made this threat really knows how to disguise the program. At first, I take a look at it and I can only think that this helps us know where the covid19 spreads now and also executing the malware. Covid19 can kill a person and wallet funds being stolen is very sad.
hero member
Activity: 2618
Merit: 833
At least it's not affecting Bitcoin much or at all.
Monero/uCoin are not that popular after all. If it would steal BTC/ETH wallets, that would be a serious threat.

Watch out in general to not execute files downloaded from internet. Scan/Firewall, anything you can do, but best is prevention.

Just because it targets cryptocurrency wallets with a lower user base, that doesn't mean it's not a serious threat. Especially other behavior could affect more users than Monero users.

Right, and we all know that malware evolves as well, this was discovered in 2016, spreading through emails. But now those bad actors modify it to fit their agenda with the Covid-19 scare, so it's just a matter of time before we can see a new strain in the wild that specially targets crypto wallets, passwords, private keys, etc.
legendary
Activity: 3500
Merit: 6205
I'm surprised, my antivirus/firewall (COMODO), usually very eager to stop everything, didn't say anything when I've opened that page.
I'll boot soon from an antivirus stick or CD and do a full scan, will return to say if I've found anything about this AZORult.
legendary
Activity: 2296
Merit: 10753
There are lies, damned lies and statistics. MTwain
You actually beat @PrimeNumber7 by a few minutes publishing this alert, but you must have been writing your respective OPs at the same time (jinx …).

The issue here is why anyone would go and download and install an exe file, bypassing all personal safety procedures. Obviously, the dire situation and panic search for information are the cornerstones used by the malware to lower one’s security procedures (or extend over to other people who had none to begin with), as there are many people now searching for information out there (see https://trends.google.es/trends/explore?date=today%203-m&q=coronavirus).

By the way, as far as I can see, the Dashboard has no issues itself (I visit it every now and then through its URL). It’s the .exe wrapper that some bastards have placed around it, as an alleged method to access the Coronavirus Dashboard.
legendary
Activity: 2296
Merit: 1014
At least it's not affecting Bitcoin much or at all.
Monero/uCoin are not that popular after all. If it would steal BTC/ETH wallets, that would be a serious threat.

Watch out in general to not execute files downloaded from internet. Scan/Firewall, anything you can do, but best is prevention.
hero member
Activity: 2618
Merit: 833
COVID-19, Info Stealer & the Map of Threats – Threat Analysis Report

Quote
The new malware activates a strain of malicious software known as AZORult. AZORult is an information stealer and was first discovered in 2016. It is used to steal browsing history, cookies, ID/passwords, cryptocurrency and more. It can also download additional malware onto infected machines. AZORult is commonly sold on Russian underground forums for the purpose of collecting sensitive data from an infected computer. There is also a variant of the AZORult that creates a new, hidden administrator account on the infected machine in order to allow Remote Desktop Protocol (RDP) connections.



https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/

Those bad actors are really taking advantage of every situation that they can find, so just be careful downloading anything, especially this so-called Covid-19 map of threats. It's cleverly disguised and you might not think of any harm in your way, however, it might be too late when suddenly you lose your personal data including passwords in your crypto wallet.

Infection Chain



Quote
Behaviors

    - Steals computer data, such as installed programs, machine globally unique identifier (GUID), system architecture, system language, user name, computer name, and operating system (OS) version
    - Steals stored account information used in different installed File Transfer Protocol (FTP) clients or file manager software
    - Steals stored email credentials of different mail clients
    - Steals user names, passwords, and hostnames from different browsers
    - Steals bitcoin wallets - Monero and uCoin
    - Steals Steam and telegram credentials
    - Steals Skype chat history and messages
    - Executes backdoor commands from a remote malicious user to collect host Internet protocol (IP) information, download/execute/delete file

https://success.trendmicro.com/solution/000146108-AZORULT-Malware-Information