While the World Health Organization (WHO) alerting coronavirus by declaring as a pandemic, cyber-attackers exploit interactive coronavirus map applications to spread malware infection.
In early March 2020, Johns Hopkins University publicly deployed a Coronavirus Map webpage dedicated to track and visualize any coronavirus (COVID-19) related events collected around the world in real-time.
Although the online Coronavirus Map program is purely created with an intention to aid people by sharing valuable coronavirus information, the analysis reported by Reason Labs explains the discovery of malware that disguised as a Coronavirus Map.
The Coronavirus Map disguised malware comes as an executable format file named "Corona-virus-Map.com.exe" and sent via email to random users. Upon execution, the program will load the UI dashboard from the Johns Hopkins webpage and live display while running the malware activities.
Injected malware will attack the target host by stealing private information such as usernames, passwords, and credit card numbers.
The malware was initially discovered by the MalwareHunterTeam in prior to Reason Labs discovery.
"Corona-virus.exe" installer -> "Corona-virus-Map.com.exe" (2b35aa9c70ef66197abfb9bc409952897f9f70818633ab43da85b3825b256307) -> different malware samples + decoy viewer.— MalwareHunterTeam (@malwrhunterteam) March 3, 2020
Has "FiasskHard Work CLIPPER + STEALER" & something (AZO?) w/ C2: http://coronavirusstatus[.]space/index.php pic.twitter.com/rB8EkbL8pY
This circumstance exploits will continue as long as the coronavirus pandemic is active and in alert as top news. Make sure to be aware of these kinds of exploit incidents and avoid opening any unfamiliar programs to prevent unwanted infection.