Example of a fake covid-19 map website. Courtesy/Becky Rutherford
By BECKY RUTHERFORD
Los Alamos
Covid-19 has hit New Mexico, and yet more covid-19 themed scams have hit the internet.
Be aware, be cautious, and don’t fall for a scam, we all have enough to worry about.
Fake Covid-19 maps drop malware
Everyone wants to find out more information about covid-19, and there are many useful, interactive online maps out there. Be careful, some of these maps are fakes, put up by cyber-criminals, and they will infect your machine with malware.
According to research from cybersecurity firm, Reason Labs, as reported by TechRadar, these malicious sites disguised as covid-19 maps will infect your computer with malware.
The first step is to drive traffic to these sites, usually by circulating links to the malicious websites on social media, or through phishing emails. When people open the websites, they are directed to interact with an applet that will infect their device with AZORult. This malware steals data, and can also install a backdoor on your system to maintain access to your system.
Don’t get tricked by these malicious maps; stick to verified covid-19 tracking maps, and always double-check the URL of linked websites before you click.
According to a report by Forbes, “Lindsay Kaye, director of operation outcomes at Recorded Future, specifically called out the following domains as potentially dangerous:
- coronavirusstatus[.]space
- coronavirus-map[.]com
- canalcero[.]digital
- coronavirus[.]zone
- coronavirus-realtime[.]com
- coronavirus[.]app
- coronavirusaware[.]xyz
- coronavirusaware[.]xyz”
This is not an exhaustive list, and more are likely being created as I type this article. If a friend shares a link on social media for anything covid-19 related, don’t click it; navigate to the site out of band by navigating directly to the verified website via internet search, or by typing the address into your browser address bar.
Here are some verified sites for covid-19 maps:
- https://www.cdc.gov/coronavirus/2019-ncov/locations-confirmed-cases.html
- https://experience.arcgis.com/experience/685d0ace521648f8a5beeeee1b9125cd
- https://gisanddata.maps.arcgis.com/apps/opsdashboard/index.html#/bda7594740fd40299423467b48e9ecf6
Everyone and everything is a target, and cybercriminals are ruthless. They will take any opportunity to hurt us, and this crisis is no exception. Be aware; be careful where you go when looking for covid-19 updates.
Ransomware: Now with covid-19
Ransomware was already scary enough, but now there is a new spin playing on covid-19 fears – the CoronaVirus. Yes, they went there.
A tweet from Ronnie Tokazowski, Senior Threat Researcher of Agari. Courtesy/Becky Rutherford
According to reports from MalwareHunterTeam, the real goal of this is not to obtain a ransom, but to distract victims from the installation of a sneaky info stealer Trojan called KPOT.
KPOT is a well-established malware that has evolved over the years. This malware goes after credentials from browsers, gaming apps, and crypto-wallets. With this installed on your machine, cybercriminals can own your accounts and your digital life.
CoronaVirus ransomware is being distributed as what appears to be a legitimate and incredibly popular system maintenance app called WiseCleaner. The fake website almost precisely mirrors the real one, and if you aren’t paying attention, you may not notice it’s being served up to you from a fake web address.
Once you install the software, it begins downloading KPOT, which is installed in the background as the ransomware piece begins encrypting files and dropping ransom notes. The actual ransom requested is a mere $50 of Bitcoin, but cash is not the primary goal here. They are looking for your passwords, the keys to your kingdom, and ransomware makes a good cover and distraction for their real purposes.
If you happen to become a victim of CoronaVirus ransomware, don’t worry about the ransom, get on a clean system as soon as you can (your cellphone, a laptop) and start resetting all of your passwords. Go after the “crown jewels” first; things like email, social networks, banking, and online stores with saved payment info, etc.
When looking for software downloads, always make sure that you are downloading from the right site, and not a clone. Do not go to a website called “gud[.]softwaredwnlds[.]adobe[.]com” Navigate directly to the official Adobe site to download the software. Always double-check the website address, it is trivial to spoof a site, and the address may be just slightly off from the real one. Be cautious any time you download software from the internet, only use verified websites.
Cybercriminals are ruthless, and we are all targets. They know that we are scared, that we are distracted, and they want to take advantage of this. Stay safe online, pay attention, and be careful.
Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.