Since it was first reported to the World Health Organization last December, the novel coronavirus has reached pandemic proportions. As of this writing, the COVID-19 outbreak has infected over 121,000 people in 114 countries and caused 4,373 fatalities. The outbreak has also disrupted global supply chains and prompted a slew of major event cancellations.
Now, Reason Cybersecurity has discovered hackers are using malware disguised as a coronavirus tracking map application to steal user information.
The Corona-virus-Map.com.exe Malware
On Monday, Reason posted a threat assessment report on the Corona-virus-Map.com.exe malware. Rogue operators designed the malicious program to mimic the look and functionality of actual COVID-19 map trackers. Once launched, the app presents an innocuous GUI that strongly resembles Johns Hopkins University’s live interactive coronavirus map. The deceptive file even collects data from the university’s site to make itself appear legitimate.
However, the file contains a strain of malware called AZORult, a covert user information stealer first released in 2016. Once installed, the program infects the user’s web browser to access its cookies, history, login credentials, and cryptocurrency keys. Then, the malicious software stores the stolen data in a host computer’s Windows Temp folder for decryption and transmission.
The Hacker News notes the coronavirus map iteration of AZORult is programmed to seek out login information for services like Steam and Telegram.
Why the Coronavirus Map Malware is so Insidious
Because of its unnervingly rapid spread across the globe, the coronavirus has provoked widespread anxiety. In response, the public has taken to regularly reviewing COVID-19 maps on the outbreak’s progression. The hackers behind Corona-virus-Map.com.exe are exploiting that fear to profit during an international emergency.
The criminal operators who deployed the malicious software also made their cyber weapon remarkably insidious. Uninformed users could launch the program unaware that it’s a threat because it looks legitimate and provides real data. The individual or group who deployed the fake coronavirus map also designed it to be very difficult to recognize and remove.
After execution, the malware deposits duplicates of itself throughout a user’s system under different names. It also infests and modifies a host computer’s registration files. The cyber attackers who unleashed the malicious program crafted it for seamless infiltration. Corona-virus-Map.com.exe completes its information-stealing functions in the background and doesn’t require any direct input.
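One way a defender could check for the self-copying behavior described above, as an added example (not code from Reason's report or from this article): it hashes every file under a directory that starts with the Windows executable "MZ" magic and reports any binary stored under more than one file name. The function names and the sample tree created by build_demo_tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def pe_sha256(path, chunk=65536):
    """Return the SHA-256 of a file that starts with the PE 'MZ' magic, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(2)
            if head != b"MZ":  # judge by content, not by extension
                return None
            digest = hashlib.sha256(head)
            for block in iter(lambda: fh.read(chunk), b""):
                digest.update(block)
            return digest.hexdigest()
    except OSError:  # unreadable or vanished file
        return None

def find_renamed_copies(root):
    """Map SHA-256 -> sorted paths for executables present under 2+ different names."""
    by_hash = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            digest = pe_sha256(path)
            if digest:
                by_hash[digest].append(path)
    return {h: sorted(p) for h, p in by_hash.items()
            if len({os.path.basename(x).lower() for x in p}) > 1}

def build_demo_tree():
    """Constructed sample: one harmless 'MZ' blob under three names, plus two other files."""
    root = tempfile.mkdtemp(prefix="dupscan_")
    blob = b"MZ" + b"constructed-sample-not-malware" * 8
    files = {"Downloads/map-viewer.exe": blob, "Temp/svc_update.exe": blob,
             "Temp/cache/helper.bin": blob, "Temp/notes.txt": b"plain text",
             "Downloads/other.exe": b"MZ" + b"different-binary"}
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for digest, paths in find_renamed_copies(build_demo_tree()).items():
        print(digest[:16], *paths, sep="\n  ")
```

Installers that are legitimately cached under several names will also show up, so each hit is a lead for review, not a verdict.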
Thankfully, Reason has updated its cybersecurity products to neutralize the fake COVID-19 map malware. The firm offers free-to-download and premium iterations of its antivirus program. Since the company has published a threat assessment report on the malicious software, other popular cybersecurity vendors like Malwarebytes Labs have upgraded their tools in response.
To protect themselves, the public should also avoid downloading any unverified COVID-19 map trackers. Johns Hopkins University, USA Today, and Time offer robust interactive coronavirus maps at no charge.