
AS THE CORONAVIRUS SPREADS, SO DOES COVID-19 MALWARE: A PHISHING THREAT

https://infographics.channelnewsasia.com/covid-19/map.html

CoronaVirusSafetyMeasures_pdf.exe has been identified as a “suspicious” executable file. Although the infection vector used by the attackers is not yet known, the most likely method of dissemination is a phishing campaign that delivers it as an email attachment. The attackers apparently use the Remcos RAT to log keystrokes, in combination with a VBS file designed to run the RAT.

The malware will also gain control over the infected device by adding a startup registry key that allows it to restart after the computer is rebooted. The RAT will then start logging the user’s keystrokes and store them in a log.dat file. The stolen information is then sent to its command and control server. We know that last year the Remcos RAT was used in a phishing campaign aimed at accounting firms to steal information from the tax returns of all taxpayers in the USA.

Earlier this month another phishing campaign was detected distributing an “information stealer” malware called Lokibot through emails designed to look as if they were sent by the Ministry of Health of the People’s Republic of China and containing emergency Coronavirus regulations in English. Inspired by Emotet and the significant increase in Coronavirus infection rates, Lokibot operators saw an opportunity to expand their botnet and joined the current trend of scare tactics.

CoronaVirusSafetyMeasures_pdf.exe

HASH:

c9c0180eba2a712f1aba1303b90cbf12c1117451ce13b68715931abc437b10cd
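
A mail-gateway triage check built from the two indicators above, the file name pattern and the SHA-256. It is an added example, not part of the original article. The extension lists, function names and the sample message are assumptions made for illustration.

```python
import hashlib
import re
from email import message_from_bytes
from email.message import EmailMessage

# SHA-256 published on this page for CoronaVirusSafetyMeasures_pdf.exe
KNOWN_SHA256 = {"c9c0180eba2a712f1aba1303b90cbf12c1117451ce13b68715931abc437b10cd"}

# Assumption: extension lists chosen for this example, not taken from the page.
EXEC_EXT = ("exe", "scr", "com", "pif", "vbs", "js", "bat", "cmd")
DOC_EXT = ("pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt")
# Matches names such as "Report_pdf.exe" or "Report.pdf.exe"
MASQUERADE = re.compile(
    r"[._\- ](?:%s)\s*\.(?:%s)$" % ("|".join(DOC_EXT), "|".join(EXEC_EXT)),
    re.IGNORECASE,
)

def triage_attachments(raw_message: bytes) -> list:
    """Return one finding per attachment with the reasons it was flagged."""
    findings = []
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue  # message body or multipart container, not an attachment
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if MASQUERADE.search(name):
            reasons.append("document-lookalike executable name")
        elif name.lower().rsplit(".", 1)[-1] in EXEC_EXT:
            reasons.append("executable attachment")
        if hashlib.sha256(payload).hexdigest() in KNOWN_SHA256:
            reasons.append("sha256 matches published indicator")
        findings.append({"name": name, "reasons": reasons})
    return findings

def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message; the payload is harmless placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = "Constructed sample"
    m.set_content("body")
    m.add_attachment(data, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("CoronaVirusSafetyMeasures_pdf.exe", "guidance.pdf"):
        print(triage_attachments(build_sample(fn, b"placeholder")))
```

The name check still fires when the file is repacked and the hash no longer matches, which is why both indicators are evaluated independently.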

For more info: Marketing@cybergate.tech