Please be aware that during global events such as COVID-19 or the "Coronavirus", Threat Actors will take advantage of the situation and entice users to click on topic related material to deploy their viruses/malware.Just this week, cybersecurity professionals identified a bevy of new threats ranging from coronavirus-themed malware attacks, booby-trapped URLs and credential stuffing scams.

Currently, there is a malicious website impersonating the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University circulating on the internet. The website has been found through search engine results and by clicking on the website, the virus will infect the user’s computer with the AZORult trojan, an information stealing program which can exfiltrate sensitive data from your system.

In addition there has also been multiple phishing emails reported, some with with a PDF offering coronavirus safety measures, according to research from ZLab-Yoroi Cybaze. Instead, the PDF–named “CoronaVirusSafetyMeasures_pdf“–includes executables for a Remcos RAT dropper that runs together with a VBS file executing the malware, researchers said.

Another new email campaign discovered by the MalwareHunterTeam includes a three-page coronavirus-themed Microsoft Office document purported to be from the Center for Public Health of the Ministry of Health of Ukraine, researchers said. Instead of offering legitimate information, the document contains malicious macros that can drop a backdoor with capabilities such as clipboard stealing, keylogging, and the ability to lift screenshots from a victim’s computer, according to the MalwareHunterTeam.

Please be aware that while searching for information about COVID-19 or the "Coronavirus", you could unwittingly navigate to these or other malicious websites or back-links. As this is has not happened with any of our clients, we would like to take this opportunity to educate our clients to be aware of these scenarios and to only view COVID-19 information by going directly to the CDC's website (link below). If you do receive this map or other threats via email, please notify our Support Team immediately ([email protected]).

Official CDC COVID-19 information: https://www.cdc.gov/coronavirus/2019-ncov/index.html