Live COVID-19 Map to Spread Malware

This morning I shared with one CIO in Canada an interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University. Nothing unusual, just statistics. Since few hours, I realized that it could be a big mistake. So what’s happened?

covid screenshot

COVID-19 is pandemic now and many people naturally are under panic looking for any information to understand what’s going on. This opened doors for cybergyps to disseminate this real-time information about global infection to infect computers with malicious software. In few hours I found a confirmation that this statistics is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware. So be cautious with web-sites that have completely same design and similar interactive dashboards.

There is also interesting fact for conspiracy theory enthusiasts. Late last month, a member of several Russian language cybercrime forums began selling a digital Coronavirus infection kit (AZORult malware) that uses the Hopkins interactive map as part of a Java-based malware deployment scheme. The kit costs $200 if the buyer already has a Java code signing certificate, and $700 if the buyer wishes to just use the seller’s certificate. Nation-state groups again?

Wash your hands, keep your security gears up, and avoid opening attachments sent in emails — even if they seems to come from someone you know.