03.16.2020 - Hack Alert - Coronavirus Maps Loaded with Malware

Hack Alert: Malware Being Loaded into Coronavirus Maps

Amid the COVID-19 virus crisis, cybercriminals are working overtime to concoct new and difficult-to-detect methods to steal the personal information of individuals and sensitive information of organizations. We’ll occasionally alert our followers of the latest scams and provide tips to avoid them.

We’ve already warned about phishing attacks disguised as government emails, including the World Health Organization. Now, cybercriminals are exploiting coronavirus tracking maps as their hunting ground. It was recently discovered that hackers are using these maps to steal personal user information like passwords, credit card numbers, social security numbers, and other data stored in your browser.

The techniques are still the old, tried-and-tested ones – phishing and/or spear-phishing to lure users into downloading and using these tracking maps and dashboards that purport to have come from official health authorities.

Krebs on Security reported one specific attack – malware loaded into an interactive dashboard of Coronavirus infections and deaths produced by John Hopkins University. It is being used in malicious websites (and possibly spam emails) to spread password-stealing malware.

According to the report, a member of several Russian cybercrime forums began selling a digital Coronavirus infection kit that uses the Hopkins map as part of a Java-based malware deployment scheme. The kit costs $200 if the buyer already has a Java code signing certificate and $700 if the buyer uses the seller’s certificate.

Here are tips to protect yourself:

  • Don’t open attachments from unsolicited or unknown sources
  • Get your information from official and trusted sources by going directly to their websites, not clicking links in unsolicited emails.
  • Beware of emails that try to create a sense or trust or urgency.
  • Mouse over a URL to see if its legitimate and where it’s really taking you.
  • Log-in directly to bank and other sites, never from a text or email link.

To assist businesses during the Coronavirus crisis, ERMProtect is providing free access to video animations that teach employees how to work safely online and remotely. They can be accessed on our YouTube channel or via SCORM packages available here: https://bit.ly/2Uaa23H

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

digital forensics in litigation

How Digital Forensics Can Help Win Litigation Cases

Digital forensics is a crucial part of civil litigation and has helped provide case-clinching evidence in cases of defamation, fraud, whistleblower allegations, industrial espionage, and tax evasion …
digital forensics services

Digital Forensics Services: The Key Things to Understand

What is digital forensics, and how can it help your business? Here are the key things you need to understand about this essential service …
Purchasing Annual Security Awareness Training

4 Tips for Purchasing Annual Security Awareness Training

Here are helpful tips designed to help guide you in selecting a valuable security awareness training program and to evaluate the effectiveness of each tool considered …