Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the COVID-19 pandemic in a bid to infect computers with malicious software.
In one scheme, a real interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware.
The malicious online map, which was hosted at www.Corona-Virus-Map[.]com, but is taken down now, appeared very polished and convincing, showing an image of the world that depicts viral outbreaks with red dots of various sizes, depending on the number of infections. The map appears to offer a tally of confirmed cases, total deaths and total recoveries, by country, and cites Johns Hopkins University’s Center for Systems Science and Engineering as its supposed data source.
Late last month, a member of several Russian language cybercrime forums began selling a digital Coronavirus infection kit that uses the Hopkins interactive map as part of a Java-based malware deployment scheme. The kit costs $200 if the buyer already has a Java code signing certificate, and $700 if the buyer wishes to just use the seller’s certificate. More details KrebsOnSecurity: https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/ and at MalwareBytes: https://blog.malwarebytes.com/social-engineering/2020/02/battling-online-coronavirus-scams-with-facts/