The Health Sector Cybersecurity Coordination Center (HC3) of the U.S. Department of Health and Human issued an announcement March 10 that a malicious website posing as the live map for Coronavirus Disease 2019 (COVID-19) global cases from Johns Hopkins University, Baltimore, MD, is circulating on the Internet. Visiting the website infects the user’s computer with the AZORult trojan, an information-stealing program, which can exfiltrate a variety of sensitive data. It is likely being spread via infected e-mail attachments, malicious online advertisements, and social engineering. Furthermore, anyone searching the Internet for a Coronavirus map could unwittingly navigate to this malicious website. The American College of Surgeons urges members to avoid opening any electronic communications from corona-virus-map[dot]com and that health care provider security teams blacklist any indicators associated with this specific threat.
A sample of the malware being deployed by “corona-virus-map[dot]com” was submitted and analyzed and received an extremely malicious threat score of 100/100 with anti-virus (AV) detection at 76 percent. Hybrid-Analysis labelled this sample as a trojan.
For details, go to: https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threatanalysis-report/, send requests for information to HC3@HHS.GOV, or call the HC3, Monday-Friday, 9:00 am–5:00 pm Eastern time, at 202-691-2110.