Malicious "Corona Anti-Virus" Software Discovered

Researchers at Malwarebytes have unearthed a website promoting fake antivirus software that it claims can protect people from contracting the real human virus COVID-19.

In what comes across as a bizarrely comic case of miscommunication, the site (antivirus-covid19[.]web site) offers users the chance to “Download our AI Corona Antivirus for the best possible protection against the Corona COVID-19 virus.”

The site’s operators carefully chose an academic heavy hitter to endorse it. According to the website, the Corona Anti-virus was developed by “scientists from Harvard University” who “have been working on a special AI development to combat the virus using a Windows app.”

To further authenticate their product’s claims, the site’s creators have included a meaningless graphic of three people standing around a circular raised platform while gazing at some connecting balls suspended in mid-air. One of the figures points at a ball as if symbolically indicating the presence of a cure.

The Corona Anti-virus claimed: “your PC actively protects you against the Coronaviruses (Cov) while the app is running.”

It is hard to imagine this ill-conceived ruse netting any victims at all, but those who are persuaded to install the fake Corona Anti-virus will inadvertently infect their computer with malware.

Researchers found that criminals are using the malicious fake antivirus software to distribute a BlackNet remote administration tool. Users who try to download Corona Anti-virus [antivirus-covid19[.]web site/replace.exe] will turn their PC into a bot that is ready to receive commands from a threat actor.

“The full source code for this toolkit was published on GitHub a month ago,” said researchers. “Some of its features include deploying DDoS attacks, taking screenshots, stealing Firefox cookies, stealing saved passwords, implementing a keylogger, executing scripts and stealing Bitcoin wallets.”

Researchers reported the site to American web-infrastructure and website-security company CloudFlare.

“We informed CloudFlare, since the threat actors were abusing their service, and they took immediate action to flag this website as a phish,” said researchers.

עופר איתן
