Malicious Website Pretending to be the Live Map for Coronavirus-19 Global Cases by Johns Hopkins University

Posted:
March 11, 2020

Malicious websites posing as credible sources of information on Coronavirus-19 are in circulation. PLEASE double-check the validity and reliability of the websites you visit. This also applies to attachments!

One such website, which poses as the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University, is circulating on the internet, waiting for unwitting users to visit it. Visiting the website infects the user with the AZORult Trojan, an information-stealing program that can exfiltrate a variety of sensitive data.

It is likely being spread via infected email attachments and malicious online advertisements, and anyone searching the internet for a Coronavirus map could unwittingly navigate to this malicious website.

Valid Johns Hopkins Coronavirus Live Map

fake coronavirus map

Figure 1. Screenshot of the malicious website "Corona-Virus-Map[dot]com" pretending to be a legitimate COVID-19 tracker. 

fake coronavirus metatag

Figure 2. Screenshot of a Google search for the page mentioned above. 

Recommendations

End users should be warned about this cybersecurity risk, and security teams should blacklist any indicators associated with this specific threat. IOCs and analysis may be found here: https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/

References

Good Email Attachment Hygiene

  • Only open email attachments that are expected and that come from a trusted source
  • Use Internet security software that will automatically scan email attachments for malware and viruses
  • Delete any messages and attachments you aren’t sure about without opening them
  • What type of file is it? Avoid opening executable file types such as .exe
    • You should check the file type of any attachment before opening it. Malware and viruses can be hidden in files with the following extensions:
      .ade, .adp, .asf, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .mov, .msc, .msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shs, .swf, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh
      Even Microsoft Office documents (.docx, .xlsx, and .pptx) and PDFs can contain malicious links and macros that can download malware onto your mobile device or computer.
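
The file-type check above can also be applied automatically to incoming mail. The following Python is an added example, not part of the original advisory: it classifies each attachment name against the extension list given above, and it also catches an executable extension placed after a document extension. The function names, verdict labels and sample file names are assumptions made for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the advisory lists as able to hide malware.
RISKY = set(
    ".ade .adp .asf .bas .bat .chm .cmd .com .cpl .crt .exe .hlp .hta .inf "
    ".ins .isp .js .jse .lnk .mdb .mde .mov .msc .msi .msp .mst .pcd .pif "
    ".reg .scr .sct .shs .swf .url .vb .vbe .vbs .wsc .wsf .wsh".split()
)
# Document types the advisory says can still carry malicious links or macros.
CAUTION = {".docx", ".xlsx", ".pptx", ".pdf"}

def classify(filename):
    """Return (verdict, reason) for one attachment name."""
    # Windows drops trailing dots/spaces, so "a.exe. " is opened as "a.exe".
    name = (filename or "").strip().rstrip(". ").lower()
    exts = ["." + part for part in name.split(".")[1:]]
    if not exts:
        return "review", "no file extension"
    if exts[-1] in RISKY:
        if any(e in CAUTION for e in exts[:-1]):
            return "block", f"{exts[-1]} hidden behind a document extension"
        return "block", f"{exts[-1]} is on the risky list"
    if exts[-1] in CAUTION:
        return "caution", f"{exts[-1]} may contain links or macros"
    return "unlisted", f"{exts[-1]} is not on the risky list"

def scan_message(raw):
    """Classify every attachment in a raw e-mail message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.iter_attachments()}

def sample_message():
    """Constructed test message; the file names are made up for this example."""
    msg = EmailMessage()
    msg["Subject"] = "Live map"
    msg.set_content("See attached.")
    for name in ("covid-map.pdf.exe", "Cases.XLSX", "notes.txt"):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, (verdict, reason) in scan_message(sample_message()).items():
        print(f"{verdict:8} {name!r}: {reason}")
```

An "unlisted" verdict only means the extension is not on the list above; the other hygiene rules still apply to that attachment.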