As more people are looking into real time information through data and maps during the coronavirus outbreak, cyber attackers have created malicious coronavirus maps to trick people into thinking they are accessing reliable resources. Netizens may end up with malware on their computers that steals online banking credentials and credit card numbers.
Reason Labs, a New York based cybersecurity firm that provides anti-malware services for internet users, found a number of websites claiming to be providing information about the coronavirus, which may prompt a user to click or download an application to keep themselves in the loop.
Some of these sites make use of a malicious software, “AZORult”, a type of information stealer commonly sold on Russian underground forums. It can steal a user’s browsing history, cookies, passwords and give additional malware into their devices.
According to Shai Alfasi, a security researcher at Reason Labs, many of these coronavirus-related malicious sites use malware that has been found in other types of fake information.
Johns Hopkins University in Maryland in the US has produced a popular map that tracks the spread of the pandemic. It provides data on the number of COVID19 cases, deaths and recoveries in every nation and other territories.One of the most popular tracking maps is created by Johns Hopkins University, which consists of a map and compiled data for the latest number of cases, deaths and recoveries in every country. But some fake websites have produced fake versions of the map. One website called “Corona-virus-map” had a map that looks identical to the genuine one from Johns Hopkins University.
Beware of fake websites are disguised to imitate the genuine COVID19 resource sites. (Source: Reason Labs).
In comparison, this is the real website produced by Johns Hopkins University.
Many of these attacks are “silent”, meaning that users may not realise that their information has been stolen after clicking on such links. Mr. Alfasi said that at least a thousand people were compromised by these malware, but thankfully Reason Labs managed to catch these in the early stages of the attacks.
“The attacker who created this malware actually made some mistakes by saving statistics of people who were infected. We were able to find this information and track down his server,” he said.
Hackers are also leveraging the coronavirus pandemic with fake sites that ask for donations or phish for credit card details.There are even fake coronavirus test kit websites created by scammers offering to sell test kits, but clicking on these websites means they can easily steal credit card information and other sensitive information.
An example of a dubious website offering to sell test kits.
Hackers can create fake donation links that tricks users into giving credit card information and addresses.
Mr. Alfasi warns that an increase in coronavirus-related malware could be possible as the outbreak worsens and more technologies are created to track updates.
“The coronavirus is a great theme story to create more opportunities for phishing to get information, but there’s no unique malware detected so far,” he said. “But now, the attackers try to find their ways to take advantage of people’s fear during this pandemic.”
Reason Labs warn internet users to beware of cyber attackers that exploit users’ curiosity for coronavirus updates. Here are three tips from Mr. Alfasi on how to prevent this:
Have more sense of awareness and know what kind of fake information attackers are putting out there. There are some cybersecurity Twitter accounts that simplify information for normal users to understand complicated technology that causes malware.
Download an anti-virus product. Most attacks detected on coronavirus related content use existing malware. Thus, 95 percent of malware can be prevented if a reliable anti-virus product is installed.
Remember security updates from Microsoft. Operation system updates from Windows can help to prevent malware functions from working.