Our last Coronavirus/COVID-19 submission is full of still-existing threats (Malware and Tracking apps), and simple solutions.

The most recent, uncertain global event summoned desperation to the whole mix – favorite cyber-criminals ingredient.

They exist thanks to the peak on the search term “Coronavirus”. All that attention coming from a global event of desperation was the ingredient cyber-criminals were waiting for. 

What happened through this trying time period, and why is it even relevant to now?

Let’s find out…

Coronavirus Maps Malware Worse than COVID-19

Internet users’ craving for information gave opportunities to many cybercriminals.

A clear sample of this can be seen on the Reason Cybersecurity threat analysis report recently released. They detail many of the points we’ll touch forward.

First of all, what is the Coronavirus Map, and how it can be worse than COVID-19?

A few hundred tools were launched, promising to show real-time infection cases of COVID-19 around the world. 

But unfortunately, the Johns Hopkins University Resource Center it’s one of the few trustable maps to check-out. This site doesn’t contain any infectious harm whatsoever.

See, hackers saw a big spot at targeting all the internet navigators searching for cartographic presentations. If you’re one of these internet navigators, then what you wouldn’t like to see is a new, dangerous malware inside your device.

Especially one that tricks you to download the malicious application. On the front-end, it shows a replicate of the original mentioned. In the back-end, it’s harming your computer.

The Malware Hunter Team first spotted this threat and was later analyzed by Shai Alfasi (Reason Lab’s cybersecurity researcher).

Tweet from MHT (Malware Hunter Team)

Alfasi gives us details about the Corona-virus-Map.exe file. containing such Malware, and we confirm it with a simple and quick virustotal tool revision.

This small Win32 EXE (3.26 MB) utilizes a multi-sub-process technique that’s difficult to detect and analyze. Besides, it contains a task scheduler so it can continue operating.

Executing the Corona-virus-Map.com.exe shows clear signs of infections (Corona-virus-Map.com.exe file duplicates into Corona.exe, Bin.exe, Build.exe, and Windows.Globalization.Fontgroups.exe files).

Corona-virus-map.exe

API’s will appear to facilitate the decryption of the saved password and output data generation. 

A very common approach used by data thieves: it captures the login data from the infected web browser and moves it to the C:\Windows\Temp folder.

It continues to steal login data from online accounts. This, without having to interact on any shape or form with the malware execution… It does everything for its own.

We would like to tell you this is the only threat related to your data credentials and privacy.

Eyes on You (COVID-19 related Apps Track your Movements)

We cannot deny this the global pandemic increase our concern of virus spread like no other time. It can be specially noted when all start to re-open.

In the attempt to keep us safe and controlled, many companies have developed contact-tracing apps, to help citizens know whether they are infected or are exposed to someone who has tested positive for the virus.

Apple and Google are part of the tech giants launching this technology in countries like the U.S. and the U.K.

Of course… Public-health it’s not our biggest worry now. Privacy is.

Although these COVID-19 tracking apps could be created with great intentions, there are some scary public reviews about others that deeply concerns us. 

Amnesty International is one of many companies waving the flags on this battle against rapidly-produced apps that harm people’s security. How they can be harmful? 

Tracking-Tracing App

Smitterstopp app uploaded live or near-live user locations as GPS coordinates to their central server. 

Bahrain took a more disguised approach to its surveillance. They selected random users, that would win a prize if the app showed they were at home during Ramadan.

Kuwait app took it to the next level: it was also paired with Bluetooth bracelets to ensure citizens were always close to their phones. 

EHTERAZ app, meanwhile, is capable of tracking specific individuals or all user’s locations.  

All of it seems smart at first instance but is dangerous as well. It allows hackers to acquire bundles of valuable information like name, location, national ID, and health status

Amnesty analysis shows 11 apps carrying severe privacy risks. They were all spread through Algeria, Bahrain, France, Iceland, Israel, Kuwait, Lebanon, Norway, Qatar, Tunisia, and the United Arab Emirates.

But do not think you’re safe… Such apps are available to U.K. and U.S. populations, with surprising popularity.  

Cleaning & Prevention

Now that you know about it… You will probably be more careful about what you download online, right?

It might be the case that you were one of those users infected by the “Coronavirus Map” malware. In that case, I’ll let you know that you will need adequate malware protection to get rid of it. 

Alfasi promotes Reason’s Antivirus Software, but it’s not the only option available for this type of threat or for any other Malware. 

Cybersecurity software tools will probably add-in this soon into their list of updates.

Even then, It may not be enough to prevent your credentials from getting leaked… Much less, your location, and the rest of personal data. 

I just recommend you 2 things.

  1. Be careful online and offline, to not contract the disease. 
  2. Be aware of the many exploited cyber-attacks that haven’t ended, and much just barely starting… 

If this doesn’t calm you down (which is understandable), we can take care of it