#Privacy: Researchers uncover malicious “Corona Anti-Virus” software

A fraudulent website claiming to offer an antivirus software that protects users from contracting the COVID-19 has been found online. 

Threat actors are now capitalising on the fears of the global pandemic by launching numerous phishing campaigns and using COVID-19 as a lure to fool users into installing a variety of malware. 

The pandemic has caused organisations and businesses worldwide to transition their workforce away from the office environment to working from home. Thus it becomes even more important that when connecting a company’s network, users’ computers are secure. 

Identified by Malwarebytes, a website (antivirus-covid19[.]site) is trying to get users into installing a digital antivirus that supposedly protects them from contracting the actual COVID-19 virus. 

To authenticate their claims, the site states that its scientists from Harvard University  “have been working on a special AI development to combat the virus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the app is running.”

Those persuaded into installing the fake Corona Anti-Virus software inadvertently infect their computer with malware, and subsequently turn their computer into a bot ready to receive commands. 

The software is being used to distribute a BlackNet remote administration tool. 

“The full source code for this toolkit was published on GitHub a month ago,” said researchers. “Some of its features include deploying DDoS attacks, taking screenshots, stealing FireFox cookies, stealing saved passwords, implementing a key logger, executing scripts and stealing Bitcoin wallets.”

Researchers reported the site to web-infrastructure and website-security company CloudFlare as threat actors were abusing their service. CloudFlare took immediate action and flagged the website as a phish. 

Tom Kellermann, Head of Cybersecurity Strategist, VMware Carbon Black and former cyber commissioner for President Obama commented: “We’ve seen attackers try to pollute coronavirus outbreak maps with malware; increased spear phishing email attack attempts, which attempt to prey on local outbreaks; and the global dissemination of disinformation regarding the virus. Cybercriminals are notoriously opportunistic and will rely on natural anxieties to meet their end goals. Additional vigilance is required for remote workers, many of whom are working from home for the first time.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/