As the world faces a pandemic in the form of Covid-19, everyone is keeping a close eye on how it is spreading across the world. That includes hackers too.
Several organizations have made dashboards to keep track of Covid-19 outbreak around the world, and hackers have found a way to use these dashboards to inject malware into computers, the Washington Post reports.
Attackers design websites related to coronavirus in order to prompt someone to download an application to stay updated on the situation. This application does not need any installation, and shows a map of how Covid-19 is spreading. However, it is a front for attackers to generate a malicious binary file and install it on your computer.
In recent weeks, US officials have warned about malicious actors seeking to seize on global coronavirus concerns to peddle fraudulent products or extract sensitive information.
Last week, for example, a top cybersecurity arm at the US Department of Homeland Security flagged the potential that criminals and hackers “may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes.”
Last month, researchers working with The International Business Machines Corporation (IBM), an American multinational technology company headquartered in Armonk, New York, with operations in over 170 countries revealed a spam email campaign in Japan that sought to steal data from those who opened infected attachments. On Thursday, cybersecurity company FireEye detailed efforts by malicious actors in China, North Korea and Russia to leverage global fears about coronavirus to aid their espionage.
In many cases, the hackers lured unsuspecting victims into downloading documents that appeared to come from official health authorities — only to deliver malicious code that could co-opt a target's computer.
Known Russian hacking groups targeted Ukraine, according to FireEye, and hackers suspected to be North Korean in origin appeared to take aim at a nongovernmental organization in South Korea. Chinese hacking groups set their sights on East Asia, sometimes luring targets using documents that contained official statistics about coronavirus infections, the firm found.
Cybercriminals and spies have taken advantage of the growing demand for information by loading malicious software into tracking maps, government reports and health fact sheets in numerous languages.
Chinese hackers have used fake documents about the coronavirus to deliver malicious software and steal sensitive user information, according to a report Thursday from researchers documenting a growing wave of cybercrime exploiting fears about the global pandemic.
A group of Chinese hackers, dubbed Vicious Panda by cyber security researchers at Check Point, an Israeli-based technology company.
In its report Thursday, Check Point called Vicious Panda an “advanced persistent threat,” a designation reserved for the most technically adept and well-organized attackers, often having government backing.
Vicious Panda used a fake document, purportedly disclosing coronavirus infection information from the Mongolian Health Ministry, to lure Internet users into sharing sensitive personal information, with the goal of gaining access to computers and smart phones, according to the Check Point report.
“Covid-19 is presenting not only a physical threat but a cyber threat as well,” Lotem Finkelsteen, Check Point’s head of threat intelligence, said in a news release Thursday, referring to the disease caused by the virus. “All public sector entities and [telecommunications companies] everywhere should be extra wary of documents and websites themed around Coronavirus.”
Cybersecurity researchers have identified several fake Covid-19 tracker maps that infect people's computers with malware when opened.
Here is a breakdown of websites to avoid, as well as reliable coronavirus maps that are safe for tracking the spread of the virus.
Maps published by Johns Hopkins University or The New York Times are examples of reliable, non-malicious trackers.
But hackers are spreading malicious sites disguised as reliable Covid-19 maps, according to findings from cybersecurity firm Reason Labs, first reported by TechRadar.
The tactic starts with hackers circulating links to malicious websites disguised as Covid-19 maps, either on social media or through misleading emails. When people open the sites, they are directed to open an applet that can infect their device with AZORult, a years-old malware that steals data like login credentials and banking info.
"This technique is pretty common," Reason Labs researcher Shai Alfasi wrote in a blog post. "We will likely be seeing an increase in corona malware and corona malware variants well into the foreseeable future."
To avoid the malware, people are advised to stick to verified Covid-19 tracking maps, and to double check the URL of linked website before clicking.
