TravelMug (OP)
March 12, 2020, 12:05:25 AM Last edit: October 19, 2023, 04:22:30 AM by TravelMug
COVID-19, Info Stealer & the Map of Threats – Threat Analysis Report

The new malware activates a strain of malicious software known as AZORult. AZORult is an information stealer and was first discovered in 2016. It is used to steal browsing history, cookies, ID/passwords, cryptocurrency and more. It can also download additional malware onto infected machines. AZORult is commonly sold on Russian underground forums for the purpose of collecting sensitive data from an infected computer. There is also a variant of AZORult that creates a new, hidden administrator account on the infected machine in order to allow Remote Desktop Protocol (RDP) connections.

https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/

Those bad actors are really taking advantage of every situation they can find, so just be careful downloading anything, especially this so-called Covid-19 map of threats. It's cleverly disguised and you might not think of any harm coming your way; however, it might be too late when you suddenly lose your personal data, including the passwords to your crypto wallet.

Infection Chain

Behaviors
- Steals computer data, such as installed programs, machine globally unique identifier (GUID), system architecture, system language, user name, computer name, and operating system (OS) version
- Steals stored account information used in different installed File Transfer Protocol (FTP) clients or file manager software
- Steals stored email credentials of different mail clients
- Steals user names, passwords, and hostnames from different browsers
- Steals bitcoin wallets (Monero and uCoin)
- Steals Steam and Telegram credentials
- Steals Skype chat history and messages
- Executes backdoor commands from a remote malicious user to collect host Internet protocol (IP) information, download/execute/delete file
https://success.trendmicro.com/solution/000146108-AZORULT-Malware-Information
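The post above mentions a variant that adds a hidden administrator account so that RDP connections are possible. The following audit script is an added example for defenders, not code from the thread or from either linked report; it assumes that such an account is hidden from the logon screen through the Winlogon SpecialAccounts\UserList registry key, that RDP state is read from the fDenyTSConnections value, and that it runs in an elevated PowerShell 5.1 or later session.

```powershell
# Added example: audit a Windows host for a hidden local administrator and
# enabled RDP, the access pattern the post attributes to an AZORult variant.
# Assumptions: accounts are hidden from the logon screen via the Winlogon
# SpecialAccounts\UserList key; RDP state is read from fDenyTSConnections.
# Run in an elevated PowerShell 5.1+ session.

$HiddenKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
$RdpKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# Usernames stored under UserList with value 0 are hidden from the logon screen.
$hidden = @()
if (Test-Path $HiddenKey) {
    $hidden = (Get-ItemProperty -Path $HiddenKey).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and $_.Value -eq 0 } |
        Select-Object -ExpandProperty Name
}

# RDP accepts connections when fDenyTSConnections is 0.
$rdpEnabled = ((Get-ItemProperty -Path $RdpKey).fDenyTSConnections -eq 0)

# Local user members of the Administrators group (domain and Microsoft accounts skipped).
$admins = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' }

$findings = foreach ($member in $admins) {
    $name = ($member.Name -split '\\')[-1]          # strip the COMPUTER\ prefix
    $user = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
    if (-not $user) { continue }
    # Local accounts carry no creation timestamp, but the SID's relative ID
    # (RID) is 500/501/503/504 for built-ins and 1000+ for accounts added later.
    $rid = [int](($user.SID.Value -split '-')[-1])
    [pscustomobject]@{
        Account     = $name
        Enabled     = $user.Enabled
        AddedLater  = ($rid -ge 1000)
        HiddenLogon = ($hidden -contains $name)
        LastLogon   = $user.LastLogon
        Suspicious  = ($rid -ge 1000) -and ($hidden -contains $name)
    }
}

$findings | Format-Table -AutoSize
if ($rdpEnabled) { Write-Warning 'RDP is enabled (fDenyTSConnections = 0).' }
foreach ($f in ($findings | Where-Object { $_.Suspicious })) {
    Write-Warning "Administrator '$($f.Account)' is hidden from the logon screen and not built-in."
}
```

A hit on both conditions is a reason to pull the account's creation events from the Security log and check who enabled RDP, not proof of infection by itself.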
Velkro
Legendary
Offline
Activity: 2296
Merit: 1014
March 12, 2020, 03:31:40 AM
At least it's not affecting Bitcoin much or at all. Monero/uCoin are not that popular after all. If it would steal BTC/ETH wallets, that would be a serious threat. Watch out in general not to execute files downloaded from the internet. Scan/Firewall, anything you can do, but best is prevention.
DdmrDdmr
Legendary
Offline
Activity: 2534
Merit: 11079
There are lies, damned lies and statistics. MTwain
March 12, 2020, 07:42:43 AM
You actually beat @PrimeNumber7 by a few minutes publishing this alert, but you must have been writing your respective OPs at the same time (jinx …). The issue here is why anyone would go and download and install an exe file, bypassing all personal safety procedures. Obviously, the dire situation and panic search for information are the cornerstones used by the malware to lower one’s security procedures (or extend over to other people who had none to begin with), as there are many people now searching for information out there (see https://trends.google.es/trends/explore?date=today%203-m&q=coronavirus). By the way, as far as I can see, the Dashboard has no issues itself (I visit it every now and then through its URL). It’s the .exe wrapper that some bastards have placed around it, as an alleged method to access the Coronavirus Dashboard.
NeuroticFish
Legendary
Offline
Activity: 3892
Merit: 6624
Looking for campaign manager? Contact icopress!
March 12, 2020, 08:15:35 AM
I'm surprised, my antivirus/firewall (COMODO), usually very eager to stop everything, didn't say anything when I opened that page. I'll boot soon from an antivirus stick or CD and do a full scan, and will return to say if I've found anything about this AZORult.
TravelMug (OP)
March 12, 2020, 10:01:25 AM
At least it's not affecting Bitcoin much or at all. Monero/uCoin are not that popular after all. If it would steal BTC/ETH wallets, that would be a serious threat. Watch out in general not to execute files downloaded from the internet. Scan/Firewall, anything you can do, but best is prevention.

Just because it targets a cryptocurrency wallet with a lower user base, that doesn't mean it's not a serious threat. Especially the other behavior could affect more users than Monero users.

Right, and we all know that malware evolves as well; this was discovered in 2016, spreading through emails. But now those bad actors modify it to fit their agenda with the Covid-19 scare, so it's just a matter of time before we see a new strain in the wild that specifically targets crypto wallets, passwords, private keys, etc.
nakamura12
March 12, 2020, 10:31:28 AM
I'll still consider this a threat. The one who made this threat really knows how to disguise the program. At first, I took a look at it and I could only think that this helps us know where covid19 spreads now, while it is also executing the malware. Covid19 can kill a person, and wallet funds being stolen is very sad.
Ryushin
Member
Offline
Activity: 322
Merit: 10
March 12, 2020, 10:34:18 AM
I'm not surprised, I got a message from my bank today and they are warning account owners about scammers using coronavirus to spread crypto-stealing malware; if you see one, do not click on the link.
madnessteat
Legendary
Offline
Activity: 2464
Merit: 2354
March 12, 2020, 11:00:19 AM
~snip~
Thank you for sharing the information. Recently, people have become increasingly sophisticated in disguising and distributing malicious software. The creator of the malware is well aware that the whole world is monitoring the situation around the spread of coronavirus and is using it for their own selfish purposes.
20kevin20
Legendary
Offline
Activity: 1134
Merit: 1599
March 12, 2020, 11:50:32 AM
Wow. As if what the world's going through with this virus pandemic wasn't enough. The last thing someone would want to happen is to have their funds stolen. Great finding. Always keep an eye on what you're downloading. You may be unloading a little crypto trojan horse onto your computer, and I'm sure you do not want that.
NeuroticFish
Legendary
Offline
Activity: 3892
Merit: 6624
Looking for campaign manager? Contact icopress!
March 12, 2020, 12:21:48 PM
Update: after more than 2h spent scanning my system, Kaspersky Rescue Disk 18 has found nothing. I didn't install anything by hand, and it looks like the website gisanddata[.]maps[.]arcgis[.]com also didn't. (The website itself is also seen as clean by VirusTotal.)
Strange, since I've visited that website quite a big number of times.
DdmrDdmr
Legendary
Offline
Activity: 2534
Merit: 11079
There are lies, damned lies and statistics. MTwain
<...> Strange, since I've visited that website quite a big number of times.
I interpreted there is no issue with the site itself, but rather with the virus conceptually piggybacking on the site's reputation and information as bait, but being spread through other means (i.e. not by accessing the site itself). This seems to be aligned with what I thought: https://www.world-today-news.com/corona-virus-card-on-the-net-steals-passwords/

Interactive map as a decoy
Reason cybersecurity reports on the current case in which an interactive map showing the spread of COVID-19 acts as a trap. The malware hidden in it disguises itself as a “corona virus map”. This is sent by mail or via messenger services. You can also find them as download links on websites. The file is usually called “Corona-virus-Map.com.exe” or “CoronaMap.exe” and is 3.26 MB in size. <...> If you open the file, the expected information – Coronavirus diseases in real time – is displayed. The data for this are taken from a reputable source, namely from Johns Hopkins University, which provides one of the real interactive maps. This is harmless and not infected with the malware. <...>
jossiel
March 12, 2020, 11:52:43 PM
I don't open attachments if some stranger sends me an email requiring me to open the attached file. And these scammers, where the heck are they getting all the emails?
Always watch your browsing so that you will not end up on look-alike websites.
Thanks for the heads up!
Caketea
Newbie
Offline
Activity: 4
Merit: 0
March 13, 2020, 02:33:21 AM
Man, the malice and lengths people will go to in order to make a quick buck know no bounds. Pretty easy to avoid these hackers, though. Don't open emails from obvious spammers; delete and report any emails that look suspicious. Sadly there are millions of users who lack what should be common wisdom by now; they are bound to get infected and lose a lot of money.
plvbob0070
Copper Member
Sr. Member
Offline
Activity: 658
Merit: 402
March 13, 2020, 08:01:43 AM Last edit: March 13, 2020, 08:11:45 AM by plvbob0070
It's not surprising to see people taking advantage of the circumstances, because they are aware that people will easily click the bait if it's pertaining to the virus. We should be fastidious before clicking any link, because hackers can simply access your personal and financial information. They should be mindful that hackers use several ways to steal information. It is a lot better to do research than to rely on any link shared by other people to acquire information. And, thank you for sharing this kind of information.
Pmalek
Legendary
Offline
Activity: 2982
Merit: 7642
Playgram - The Telegram Casino
March 13, 2020, 09:56:53 AM
I expected someone would take advantage of the pandemic sooner or later. Coronavirus or not, it doesn't mean we should let our guard down. As a matter of fact, we should be even more cautious. I have never visited the site, nor do I see a reason to do it. I get all the info I need locally, and it doesn't really help seeing the world map covered in red alerts.
tbct_mt2
March 13, 2020, 11:54:35 AM
I expected someone would take advantage of the pandemic sooner or later. Coronavirus or not, it doesn't mean we should let our guard down. As a matter of fact, we should be even more cautious. I have never visited the site, nor do I see a reason to do it. I get all the info I need locally, and it doesn't really help seeing the world map covered in red alerts.

I agree with you. Raw figures of infected, recovered, deaths, and critical cases are more than enough to elaborate the situation of the pandemic in local areas or nations. I don't see much sense in looking at the weighted-red-dot map for the world just to get a raw overview of how serious the pandemic is over the globe. If we take into consideration the risks from strange sites and the unknown elements behind them, we should be much more careful.