Cyberthreats target COVID-19 opportunities, according to Nokia

COVID-19
There's a growing cyber threat related to the COVID-19 pandemic, according to Nokia's Threat Intelligence Lab. (Pixabay)

Where the rest of the world sees tragedy related to the COVID-19 pandemic, cyber criminals see opportunity, according to research from Nokia's Threat Intelligence Lab. Nokia's Threat Intelligence Lab outlined several cyber threats related to the coronavirus outbreak, including malware disguised as a "coronavirus map" that targets the Windows platform.

The malware was designed to exploit the public's interest in tracking coronavirus-related infections, deaths and transmissions. The coronavirus map application plants malware on users' computers that looks like software from John Hopkins University, which allows it to mimic the university's actual map, according to Nokia's Threat Intelligence Lab.

After infecting a computer, the malware contacts its command and control center server with the information it has gleaned from the infected host. While the malware's goal is steal the user's credentials, it also harvests credit card numbers, browser history, cookies, user names and passwords from the browser's cache.

FREE DAILY NEWSLETTER

Like this story? Subscribe to FierceTelecom!

The Telecom industry is an ever-changing world where big ideas come along daily. Our subscribers rely on FierceTelecom as their must-read source for the latest news, analysis and data on the intersection of telecom and media. Sign up today to get telecom news and updates delivered to your inbox and read on the go.

RELATED: With a surge in usage due to COVID-19, networks are fine, for now: Nokia Deepfield

"This malware is associated with the AZORult family of malware and is known to open a backdoor on the infected machine using the Remote Desktop Protocol (RDP) and a (new) hidden administrator account," according to Nokia's Threat Intelligence Labs' website. "AZORult is widespread among cybercriminals, being popular in underground forums, and is used in a range of malicious campaigns."

Nokia said that removing the malware manually is a complicated task, and advised it is better to use "reputable antivirus or anti-malware programs to do this automatically."

Nokia also highlighted an Android app, which is called "CovidLock," that plants ransomware on phones. The app claims to track the coronavirus across the globe and COVID-19 patients that are in the user's vicinity. Instead, the ransomware locks out the user from his or her device, and asks them to pay up to unlock it.

Specifically, it asks for a $250 ransom in the form of bitcoins while threatening the victim with the leak of private photos, videos and private data. Nokia provided a link with steps to unlock and remove the CovidLock ransomware.

Nokia's Threat Intelligence Lab also provided details on several COVID-19 related phishing attacks that are being used to deliver various forms of malware.

Suggested Articles

Small and medium-sized businesses have borne the brunt of the Covid-19 crisis, but they're more prepared for a second wave, according to a report.

On Monday, AT&T acknowledged for the first time that DriveNets is indeed providing core-networking routing software for its next-gen core network.

Microsoft is taking direct aim at telcos by announcing Azure for Operators, which includes a carrier-grade cloud platform and edge compute capabilitie