Fake Corona Anti-virus software

[TravelMug]

So cyber criminals are now creating a fake website, supposedly an anti-virus software. Instead what you're going to get is a BlackNET RAT, which has the ability to:

• Deploying DDOS attacks
• Taking screenshots
• Stealing Firefox cookies
• Stealing saved passwords
• Implementing a keylogger
• Executing scripts
• Stealing Bitcoin wallets

Actual image of the fake site

Website:

Code:

https://corona-antivirus.com/

Download link:

Code:

http://antivirus-covid19.site/update.exe

Although as of now the download link is not working, but I'm sure those bad actors are going to relaunched it very soon and probably patching things up to that it will be hard to detect by AV. Now that most are working from home, just be very careful. They even added a bitcoin donation address. So far none has fallen for this and try to donate on that address.

Bitcoin Address:

Code:

15tvkwqxRw1rXPBsbbh3jUSNYkGg123fY7

A detailed technical explanation here: https://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/

[mk4]

From the first link: "Your mobile device actively protects you against the Coronaviruses (Cov) while the app is running."

If a certain person actually thinks a mobile app can protect him/her from COVID-19 then I don't even know what to say.

[PrimeNumber7]

I have to wonder how many people actually think the coronavirus is something their computer can get or that it is something they can get from their computer.

This has got to be the result of a poor translation of a poor translation.

[Maus0728]

Who the heck will believe in that particular joke? Even tho it is stated only for fun. It has the possibility to confuse illiterate end users.

Also the website looks like another bought website in the market which are particularly used for scamming people. I remember HEX website wherein the website user interface is similar with that of the antivirus

Anyways, can this be reported? If yes, where can I possibly report it?

[20kevin20]

From the first link: "Your mobile device actively protects you against the Coronaviruses (Cov) while the app is running."

If a certain person actually thinks a mobile app can protect him/her from COVID-19 then I don't even know what to say.

I've seen videos of people saying only computers have viruses, not humans, so this doesn't surprise me at all. But I guess the same guys cannot use a damn Bitcoin if that's all the knowledge they have.


The fake website looks so good, damn it! If you aren't the type of person to download any shit off the Internet, then I don't even know why you'd need an antivirus. I haven't had one in years - whenever I tried to, it deleted and blocked all the important files, I swear..

[NotATether]

I have reported this site to Google Safe Browsing and encourage you all to do the same.

[sheenshane]

snip-
Anyways, can this be reported? If yes, where can I possibly report it?

The same question as here, if not yet reported we will help others and report this phishing to, safebrowsing/report_phis/..

That is the reason I hate downloading from browsing on the website because we even don't know how safe they are. Even in google Playstore I always read and check feedbacks from others to have referenced before I downloaded the apps.

Thank you for sharing OP, I think you must include this thread of yours on "How and Where to Report Phishing Websites". This is great stuff and very helpful to newbies out there.

[Bazlur]

I have reported this site to Google Safe Browsing and encourage you all to do the same.

I am also reported this site because some people may fall in danger by installiing the software. Some people may become curious about the website and install the software to see "Is this really working? "and fall in danger. So it is high time to report the website.

[UserU]

From the first link: "Your mobile device actively protects you against the Coronaviruses (Cov) while the app is running."

If a certain person actually thinks a mobile app can protect him/her from COVID-19 then I don't even know what to say.

You'd be surprised how many recently tens of thousands of new websites are taking advantage of this trend. We even have to deal with Corona porn and merchandises

[UserU]

I have reported this site.

Good job, cybersecurity companies are catching up too

[Coyster]

There are a lot of individuals who only know that there is a virus spreading all over the world by the name corona virus, they know nothing more about it, neither have have they read anything on what sort of virus it is, how it can be transmitted, the preventive measures and other whatnots, this group of people are the ignorant ones and though it's hard to believe, they are actually the ones that can fall this kind of scam, they are only driven by the fear of the virus, that fear can make them download this and lose a lot.

[blue Snow]

Website:

Code:

https://corona-antivirus.com/

Virus total detected 4 Malicious link at that site
https://www.virustotal.com/gui/url/8653be1d721f31ecc0cc668e3aa928623352883b94ca3068968dc9f6cedec39f/detection

Download link:

Code:

http://antivirus-covid19.site/update.exe

Virus total detected 3 Malicious in download link
https://www.virustotal.com/gui/url/3fd0154a5192424d93df575cbbf9f0d2f45b969b359b257f3caa27b51a7aac37/detection

>> Newbie or beginner shouldn't click those links to avoid your PC from malware injection.

[hugeblack]

Corona is a hot topic so you will find that some people try to use this name in the free promotion of a project as a friend has prepared a drink with this name.
Perhaps the hacker/scammer tries to add some things like that the program asks you to add a sensor to make sure that you are not infected, or that it displays the number of cases and other justifications that may make sense to people who do not have sufficient programming information.

You can report it to make sure it is deleted.

[TravelMug]

Thanks to everyone who have reported this malicious websites.

It has been taken down already. But we shouldn't be too complacent, as Developing Story: Coronavirus Used in Malicious Campaigns.