Where the rest of the world sees tragedy related to the COVID-19 pandemic, cyber criminals see opportunity, according to research from Nokia's Threat Intelligence Lab. Nokia's Threat Intelligence Lab outlined several cyber threats related to the coronavirus outbreak, including malware disguised as a "coronavirus map" that targets the Windows platform.
The malware was designed to exploit the public's interest in tracking coronavirus-related infections, deaths and transmissions. The coronavirus map application plants malware on users' computers that looks like software from Johns Hopkins University, which allows it to mimic the university's actual map, according to Nokia's Threat Intelligence Lab.
After infecting a computer, the malware contacts its command-and-control server with the information it has gleaned from the infected host. While the malware's goal is to steal the user's credentials, it also harvests credit card numbers, browser history, cookies, user names and passwords from the browser's cache.
"This malware is associated with the AZORult family of malware and is known to open a backdoor on the infected machine using the Remote Desktop Protocol (RDP) and a (new) hidden administrator account," according to Nokia's Threat Intelligence Lab's website. "AZORult is widespread among cybercriminals, being popular in underground forums, and is used in a range of malicious campaigns."
Nokia said that removing the malware manually is a complicated task, and advised it is better to use "reputable antivirus or anti-malware programs to do this automatically."
Nokia also highlighted an Android app called "CovidLock" that plants ransomware on phones. The app claims to track the coronavirus across the globe and COVID-19 patients who are in the user's vicinity. Instead, the ransomware locks users out of their devices and asks them to pay to unlock them.
Specifically, it asks for a $250 ransom in bitcoin while threatening to leak the victim's private photos, videos and private data. Nokia provided a link with steps to unlock and remove the CovidLock ransomware.
Nokia's Threat Intelligence Lab also provided details on several COVID-19-related phishing attacks that are being used to deliver various forms of malware.