03.16.2020 - Hack Alert - Coronavirus Maps Loaded with Malware

Hack Alert: Malware Being Loaded into Coronavirus Maps

Amid the COVID-19 virus crisis, cybercriminals are working overtime to concoct new and difficult-to-detect methods to steal the personal information of individuals and sensitive information of organizations. We’ll occasionally alert our followers of the latest scams and provide tips to avoid them.

We’ve already warned about phishing attacks disguised as government emails, including the World Health Organization. Now, cybercriminals are exploiting coronavirus tracking maps as their hunting ground. It was recently discovered that hackers are using these maps to steal personal user information like passwords, credit card numbers, social security numbers, and other data stored in your browser.

The techniques are still the old, tried-and-tested ones – phishing and/or spear-phishing to lure users into downloading and using these tracking maps and dashboards that purport to have come from official health authorities.

Krebs on Security reported one specific attack – malware loaded into an interactive dashboard of Coronavirus infections and deaths produced by John Hopkins University. It is being used in malicious websites (and possibly spam emails) to spread password-stealing malware.

According to the report, a member of several Russian cybercrime forums began selling a digital Coronavirus infection kit that uses the Hopkins map as part of a Java-based malware deployment scheme. The kit costs $200 if the buyer already has a Java code signing certificate and $700 if the buyer uses the seller’s certificate.

Here are tips to protect yourself:

  • Don’t open attachments from unsolicited or unknown sources
  • Get your information from official and trusted sources by going directly to their websites, not clicking links in unsolicited emails.
  • Beware of emails that try to create a sense or trust or urgency.
  • Mouse over a URL to see if its legitimate and where it’s really taking you.
  • Log-in directly to bank and other sites, never from a text or email link.

To assist businesses during the Coronavirus crisis, ERMProtect is providing free access to video animations that teach employees how to work safely online and remotely. They can be accessed on our YouTube channel or via SCORM packages available here: https://bit.ly/2Uaa23H

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

NIST Cybersecurity Framework

Complete Guide to the NIST Cybersecurity Framework 2.0

In this comprehensive guide, we explain in simple terms every aspect of complying with the NIST Cybersecurity Framework 2.0 …
Musings From a Pen Tester’s Diary

Musings From a Penetration Tester’s Diary – Part 2

We asked Akash to take a trip down memory lane and discuss some of his more interesting intrusion cases. This is Part 2 of “Musings from Pen Tester’s Diary.” …
Musings From a Pen Tester’s Diary

Musings From a Penetration Tester’s Diary – Part 1

Ever want to peek inside the mind of an ethical hacker? Akash Desai, our Director of IT Consulting for 18 years, is sharing his diary of experiences “hacking” banks, factories, fire departments, airports, etc …