"Corona Antivirus" Scams, As the world is suffering from the COVID-19 on the other hand Cyber Criminals continue to use the ongoing outbreak for their own profit by launching numerous scam campaigns which use COVID-19 to trick users into installing a variety of malware.
In the latest scam, discovered by Malwarebytes, cybercriminals have set up a website advertising “Corona Antivirus - World's best protection” which tries to trick users into installing antivirus software that supposedly has the capabilities to protect users from becoming infected with the virus in real life. The creators of the site have even provided more details on how their solution works, saying:
“Our scientists from Harvard University have been working on a special AI development to combat the virus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the app is running.”
* Beware these new coronavirus email scams.
* Malware strains using coronavirus to avoid detection.
While most users will likely understand that there is no way for any type of software to protect them from becoming infected with the coronavirus, there is a possibility that some will fall for this scheme as the cybercriminals behind it have taken the necessary steps to make their website appear legitimate.
Once a user installs the application available on the Corona Antivirus site, their computer will be infected with malware. The installation file, which contains the commercial packer Themida, will turn a user's PC into a bot ready to receive commands.
After inspecting the command and control server, Malwarebytes discovered a control panel for the BlackNET botnet. The full source code for the BlackNET toolkit was published on GitHub a month ago and some of its features include deploying DDoS attacks, taking screenshots, stealing Firefox cookies, stealing saved passwords, implementing a keylogger, executing scripts and stealing Bitcoin wallets, among others.
While working from home, it is important that all users keep their computers up to date and exercise caution when downloading and installing new programs to avoid falling victim to the many coronavirus-themed scams that are currently making their way around the web.
After investigating the Corona Antivirus site, Malwarebytes informed CloudFlare of its discovery and the CDN took immediate action to flag the website as a malicious.
Malware’s infecting capabilities
Since BlackNET is programmed to add the infected device to a botnet, the actors can further take control of an infected system and use it for:
Launching DDoS attacks
Uploading files onto the compromised machine
Executing malicious scripts
Harvesting keystrokes using a built-in keylogger (also called LimeLogger)
Stealing bitcoin wallets
Harvesting browser cookies and passwords
Top health and security organizations, including the World Health Organization (WHO), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Federal Trade Commission (FTC), have all released repeated warnings on how Coronavirus-themed phishing attacks have been targeting individuals, government and health facilities from countries around the globe. Organizations need to be vigilant about such ongoing attack campaigns.