Every day, as the situation surrounding the novel Coronavirus worsens, more and more individuals are leveraging these events for malicious and financial gain. We’ve discussed how malware phishing scams are taking advantage of the growing concern surrounding the spread of COVID-19, as well as the opportunities for abusing the influx of remote work and potential lack of technical training surrounding its implementation, but malicious adversaries are taking it one step further.

There are a number of groups that are leveraging the global pandemic to steal information from victims with malware through a plethora of infection methods. Cybercriminals are getting creative with their modes of delivery, for example, by launching a coronavirus Threat Map meant to provide information and live updates regarding statistics on COVID-19, malware can be imbedded to steal personal data in the background. Additionally, mobile app developers are using coronavirus-related keywords in their description and package names in order to boost their ASO (App Store Optimization) for app store searches only to be bundled with information-stealing malware and malicious Trojans.

Malicious Third-Party Apps (Android and iOS)

Throughout the course of the global pandemic, users have developed a growing interest in installing applications related to the health and medical sector. As a result, third-party app developers have utilized keywords relating to COVID-19 in order to increase their ranks in app searches in an attempt to financially capitalize. This can be done by including these keywords in the application’s package name, description blurb, and to further stage itself as a convenient application with benevolent intentions. These suspicious applications often contain malware looking to steal personal data from your mobile device and implement malware-based features such as adware, spyware, and more. For example, an Android App called “Corona Live 1.1” disguises itself as a convenient location for getting live updates on the latest statistics, but instead uses a commercial surveillance software to track and spy on users.

Alternatively, there have been several released applications that have bandwagoned during this time to simply increase their visibility on legitimate apps such as entertainment-based mobile applications. Not only this, but some coronavirus-related apps are also using their platforms to spread misinformation about the outbreak, resulting in an even larger problem. Therefore, it’s important to be aware of what you’re installing on your mobile device and to check for credibility and reliability of applications that reside on Google Play and Apple App Stores.

Coronavirus-Related Bait Sites

Another popular misuse of coronavirus concern was executed by a group of cybercriminals who developed a site that presented real-time statistics of countries currently being affected by the coronavirus pandemic. In order to boost credibility and legitimacy, these individuals modeled it after a popular, trusted map created by Johns Hopkins University. This site weaponized the coronavirus map and targeted individuals who are looking online for a cartographic representation of the impact of COVID-19 in order to steal sensitive information. When users attempt to view this map, they are instructed to download an application that on its front-end will display a legitimate source of information, but then works to compromise the host using malware.

The malicious, Windows-based download employs a variant of malware family AZORult, which is used to steal information such as browsing history, cookies, pieces of personal identification including passwords, usernames, and more.

It should be noted that the legitimate Johns Hopkins map is accessible online and should not require any additional downloads or user information in order to view it. The malicious map can be found at Corona-Virus-Map(dot)com, but for those who are looking for the reliable resource, you can access the Johns Hopkins, University of Medicine’s COVID-19 map. For more information about whether you’ve been infected, you can also view a list of files that might indicate whether or not your host has been compromised.

What Can We Do as a Community?

In a time where individuals are vulnerable, cybercriminals will continue to feed off the growing fear of the population. Therefore, it’s important that we don’t fall victim to these attacks as a result of trying to stay up-to-date and informed. Just as daily consumers must take precautions with what they read and learn from online, we also must be wary about the sources we consult for this information. Furthermore, take precautions before trusting unknown applications and suspicious links, and ultimately, try to stay proactive and boost awareness during this difficult time.