Skip to main content

Be on the Lookout for Fake Coronavirus Tracking Sites Infecting IT Systems

Published

Author

Image
Rafael Maldonado

Rafael Maldonado

Vice President & Chief Information Officer

With everyone tracking the global spread of the coronavirus, a new threat has emerged; Hackers have found a way to use popular COVID-19 tracking dashboards on medical websites to inject malware into users’ computers.

Hackers are leveraging the popularity of these tracking maps to steal usernames, passwords, credit card numbers, browsing history, cookies and other information stored in users’ browsers.

How Hackers Attack Computers

Attackers put up websites related to COVID-19 and prompt users to download an application that allows them to stay up-to-date on the pandemic. While a map highlighting how COVID-19 is spreading across the globe, the application doesn’t need to be installed despite a prompt asking users to do so. As users view what appears to be a legitimate website, the application launches a malicious binary file and installs it on the user’s computer.

The attack method uses malicious software known as AZORult, which originated in Russia approximately four years ago. AZORult not only steals data from computers but also infects them with other malware. A new variant of AZORult installs a secret administrative account on computers to perform remote attacks. As it stand, this malware only affects Windows machines, but other operating systems are likely to be included soon.

While it is important to stay up-to-date on COVID-19, users should only view dashboards from legitimate sources. such as those operated by John Hopkins University or the Centers for Disease Control and Prevention (CDC), to avoid getting hacked. Additionally, users should not click links in unsolicited emails that promise updates about the coronavirus.

Cookie Icon Update Cookie Preferences