New ransomware hits Italy via fake Covid-19 map

[Yaunfitda]

A new ransomware name [F]Unicorn has been spreading in Italy by tricking its victim into downloading a fake contact tracing app. They have done it using by taking advantage of the Italian Pharmacist Federation (FOFI) to look like it came from a trusted and reliable source.

Users are lured with an email in Italian informing that a beta release of Immuni for PC is available to fight the spread of COVID-19. From the text of the message, the targets are pharmacies, universities, doctors, and other entities fighting the new coronavirus contagion.

The attacker also cloned the FOFI website and registered a domain name similar to the original. However, they used “fofl.it,“ with a lowercase ”L“ as the last character that is easily confused with the lowercase ‘i’ used in the legitimate domain name.

So when you download and execute the malicious apps, it will shows a fake dashboard from Center for Systems Science and Engineering at Johns Hopkins University. The malware then looks for the following file types in your system.



So once your system is encrypted, the cyber criminals will ask you to pay EUR 300 in three days and to be paid in BTC.

Scammers bitcoin address:

Code:

195naAM74WpLtGHsKp9azSsXWmBCaDscxJ

https://www.blockchain.com/btc/address/195naAM74WpLtGHsKp9azSsXWmBCaDscxJ

It's good that no one has deposited in that address so far.

Scammers email address:

Code:

xxcte2664@protonmail.com

Base on the report, usually this malware targets those who are in the front line of the fights against the virus, but I'm sure they can modify the code to target everyone by having an email campaign.

https://www.bleepingcomputer.com/news/security/new-f-unicorn-ransomware-hits-italy-via-fake-covid-19-infection-map/

[reliable]

Thanks for the detailed explanation and making us aware about it. I have few known ones in Italy and would just hive them the head's up about this that their is round of things happening on this front and must try to ignore if any such msg or mails is being noted and also cautious to the other of their known ones or to write on the blogs or use social media to make aware about it in public.

[fortunecrypto]

Glad that you posted it here for people's awareness, people are always on the look for apps that can help them during this pandemic, there are still no deposit in that Bitcoin we just hope it will stay that way, and people will become aware of this ransomware, the hardest thing that can happen to you is to get a ransomware in your system, some of them even ask thousands of dollars.

[Coyster]

Italy had so many cases and deaths caused by this pandemic, so imo the vulnerabilty for Italians to fall for a scam using the virus as the bait is high. I'm delighted no one is yet to send any funds into that wallet address and since the legitimate organization(FOFI)is already aware of this, and a public statement issued, that's the end of the road for the scammers, with this trick though.

Glad that you posted it here for people's awareness, people are always on the look for apps that can help them during this pandemic...

I will not install or download any app that'll help me keep track with this pandemic, there are other ways to get that information without risking compromising your device; but if anyone must, then they should verify before installing.

[btc_angela]

And for the record, this is what you are going to see if you pc is infected:



https://twitter.com/JAMESWT_MHT/status/1264828072001495041/photo/3

Good thing though is that the fake website has been taken off line already and it didn't cause any damage to anyone as the address is still empty.

[demonica]

Cyber criminals never missed an opportunity to make money, even in a difficult circumstance because they are aware how they can easily manipulate people by their fear. Therefore, it is better to do research before downloading any applications or visiting a site because it is no longer new for a fraudster to claim as a part of a notable organization to deceive people. In this manner, we should educate ourselves on how we can prevent it, like being cautious when it comes on clicking an unfamiliar link that is related to the pandemic.

[crwth]

Maybe those scammers are using different addresses, too, like having a change address or something. That's taking advantage of the current situation that we have today. Never download unknown stuff and make sure to be protected as well with anti-virus or maybe windows defender as long as it's been acquired legitimately.

[BrianZAK]

How low can these guys sink to target frontline workers and the elderly? I expect this to become more widespread very soon as contact tracing apps are being rolled out all across Europe. Hopefully national media outlet will be issuing warnings.

[jossiel]

Few days has passed and it's good to see that there's no one that sent balance to that address.

How low can these guys sink to target frontline workers and the elderly? I expect this to become more widespread very soon as contact tracing apps are being rolled out all across Europe. Hopefully national media outlet will be issuing warnings.

They don't care about their victims, they look to their victims as their milking cow. I hope that this will go to the authorities and they will raise the awareness not just for the frontliners but for all of their citizens.

[LTU_btc]

Damn, these f*cking scammers are using every opportunity to become rich. And Covid-19 is very sensitive topic, especially for Italy, so risk that many people may fall into this is big. At least this Bitcoin address that you've posted is empty so far, so let's hope that there is no victims of this ransomware attack. Thanks for warning!

[Subbir]

We all got to be wary of this Covid-19 because it may be a new strategy to scam them Usually scammers try to urge up by using this virus. It seems to me that albeit this fake virus hits Italy it'll not have much effect on the case because everyone should take care of beforehand. therein case, the danger will end very soon.