Author

Topic: Be careful downloading COVID-19 map spread, it contains info stealing crypto (Read 270 times)

hero member
Activity: 2366
Merit: 838
I expected someone would take advantage of the pandemic sooner or later. Coronavirus or not, it doesn't mean we should let our guard down. As a matter of fact, we should be even more cautious. I have never visited the site, nor do I see a reason why to do it. I get all the info I need locally and it doesn't really help seeing the world map covered in red alerts.   
I agree with you. Raw figures of infected, recovered, deaths, and critical cases are more than enough to eloborate situations of the pandemic in local areas or nations. I don't see much sense to look at the weighted-red dot map for the world, just to get an raw overview on how serious the pandemic is over the globe.

If we take into consideration of risks from strange sites and unknown elements behind, we should be much more careful.
legendary
Activity: 2730
Merit: 7065
I expected someone would take advantage of the pandemic sooner or later. Coronavirus or not, it doesn't mean we should let our guard down. As a matter of fact, we should be even more cautious. I have never visited the site, nor do I see a reason why to do it. I get all the info I need locally and it doesn't really help seeing the world map covered in red alerts.   
copper member
Activity: 658
Merit: 402
It's not surprising to see people taking advantage of the circumstance because they aware that people will easily click the bait if it's pertaining to the virus. We should be fastidious before clicking any link because hackers can simply access your personal and financial information. They should be mindful that hackers use several ways to steal information. It is a lot better to do research than rely on any link shared by other people to acquire information. And, thank you for sharing this kind of information.
newbie
Activity: 4
Merit: 0
Man, the malice and lengths people will go to in order to make a quick buck knows no bounds. Pretty easy to avoid these hackers, though. Don't open emails from obvious spammers, delete and report any emails that looks suspicious. Sadly there are millions of users who lack what should be common wisdom by now, they are bound to get infected and lose a lot of money.
hero member
Activity: 3150
Merit: 636
DGbet.fun - Crypto Sportsbook
I don't open attachments if some stranger sends me an email requiring to open the attached file. And these scammers, where the heck they're getting all the emails?

Always watch out your browsing so that you will not end up to alike websites.

Thanks for the heads up!
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
<...> Strange, since I've visited that website quite a big number of times.
I interpreted there is no issue with the site itself, but rather with the virus conceptually piggybacking on the site's reputation and information as bait, but being spread through other means (i.e. not by accesint the site itself). This seems to be aligned with what I thought: https://www.world-today-news.com/corona-virus-card-on-the-net-steals-passwords/

Quote
Interactive map as a decoy

Reason cybersecurity reports on the current case in which an interactive map showing the spread of COVID-19 acts as a trap.
The malware hidden in it disguises itself as a “corona virus map”. This is sent by mail or via messenger services. You can also find them as download links on websites. The file is usually called “Corona-virus-Map.com.exe” or “CoronaMap.exe” and is 3.26 MB in size.
<...>
If you open the file, the expected information – Coronavirus diseases in real time – is displayed. The data for this are taken from a reputable source, namely from John Hopkins University, which is one of them real interactive map provides. This is harmless and not infected with the malware.
<...>
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Update: after more than 2h spent scanning my system, Kaspersky Rescued Disk 18 has found nothing.
I didn't install anything by hand, and it looks like the website gisanddata[.]maps[.]arcgis[.]com also didn't. (The website itself is also seen as clean by Virustotal.)

Strange, since I've visited that website quite a big number of times.
legendary
Activity: 1134
Merit: 1598
Wow. As if what the world's going through with this virus pandemic wasn't enough. The last thing someone would want to happen is to have their funds stolen..

Great finding. Always keep an eye on what you're downloading. You may be unloading a little crypto trojan horse into your computer and I'm sure you do not want that Smiley
legendary
Activity: 2310
Merit: 2073
~snip~

Thank you for sharing the information. Recently, people have become increasingly sophisticated in disguising and distributing malicious software. The creator of the malware is well aware that the whole world is monitoring the situation around the spread of coronavirus and using it for its own selfish purposes.
member
Activity: 322
Merit: 10
I'm not surprised, I got message from my bank today and they are warning account owners about scammers using coronavirus to spread crypto stealing malware, if you see one do not click on the link
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
I'll still consider this a threat. The one who made this threat really know how to disguise the program. At first, I take a look at it and I can only think that this help us know where the covid19 spreads now and also executing the malware. Covid19 can kill a person and wallet funds being stolen is very sad.
hero member
Activity: 2632
Merit: 833
At least its not affecting Bitcoin much or at all.
Monero/uCoin are not that popular after all. If it would steal BTC/ETH wallets, that would be serious threat.

Watch out in general to not execute files downloaded from internet. Scan/Firewall, anything you can do, but best is prevention.

Just because it targets cryptocurrency wallet with lower user base, that doesn't mean it's not serious threat. Especially other behavior could affect more user than Monero user.

Right, and we all know that malware evolves as well, this what discovered in 2016, spreading through emails. But now those bad actors modify it to fit their agenda with the Covid-19 scare, so its just a matter of time before we can see new strain in the wild that specially targets crypto wallets, passwords, private keys, etc.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I'm surprised, my antivirus/firewall (COMODO), usually very eager to stop everything, didn't say anything when I've opened that page.
I'll boot soon from an antivirus stick or CD and do a full scan, will return to say if I've found anything about this AZORult.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
You actually beat @PrimeNumber7 by a few minutes publishing this alert, but you must have been writing your respective OPs at the same time (jinx …).

The issue here is why anyone would go and download and install an exe file, bypassing all personal safety procedures. Obviously, the dire situation and panic search for information are the cornerstones used by the malware to lower one’s security procedures (or extend over to other people who had none to begin with), as there are many people now searching for information out there (see https://trends.google.es/trends/explore?date=today%203-m&q=coronavirus).

By the way, as far as I can see, the Dashboard has no issues itself (I visit it every now and then through it’s URL). It’s the .exe wrapper that some bastards have placed around it, as an alleged method to access the Coronavirus Dashboard.
legendary
Activity: 2296
Merit: 1014
At least its not affecting Bitcoin much or at all.
Monero/uCoin are not that popular after all. If it would steal BTC/ETH wallets, that would be serious threat.

Watch out in general to not execute files downloaded from internet. Scan/Firewall, anything you can do, but best is prevention.
hero member
Activity: 2632
Merit: 833
COVID-19, Info Stealer &  the Map of Threats – Threat Analysis Report

Quote
The new malware activates a strain of malicious software known as AZORult. AZORult is an information stealer and was first discovered in 2016. It is used to steal browsing history, cookies, ID/passwords, cryptocurrency and more. It can also download additional malware onto infected machines. AZORult is commonly sold on Russian underground forums for the purpose of collecting sensitive data from an infected computer. There is also a variant of the AZORult that creates a new, hidden administrator account on the infected machine in order to allow Remote Desktop Protocol (RDP) connections.



https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/

Those bad actors are really taking advantage of every situation that they can find, so just be careful downloading anything specially this so called Covid-19 map of threats. It's cleverly disguise and you might not think of any harm in your way, however, it might be too late when suddenly you loss your personal data including passwords in your crypto wallet.

Infection Chain



Quote
Behaviors

    - Steals computer data, such as installed programs, machine globally unique identifier (GUID), system architecture, system language, user name, computer name, and operating system (OS) version
    - Steals stored account information used in different installed File Transfer Protocol (FTP) clients or file manager software
    - Steals stored email credentials of different mail clients
    - Steals user names, passwords, and hostnames from different browsers
    - Steals bitcoin wallets - Monero and uCoin
    - Steals Steam and telegram credentials
    - Steals Skype chat history and messages
    - Executes backdoor commands from a remote malicious user to collect host Internet protocol (IP) information, download/execute/delete file

https://success.trendmicro.com/solution/000146108-AZORULT-Malware-Information
Jump to: