Updated With concern about the Covid-19 Coronavirus reaching fever pitch in many countries, many people may be keen to find information online about whether there is an outbreak in their country, and how it compares to the rest of the world.
Well, be careful about which websites you trust.
Not only because there may well be misinformation out there, but also because there might also be malware.
Security researchers at Malwarebytes say that they have found malicious code hiding behind a website that claimed to show an up-to-date global heatmap of Coronavirus reports.
Malwarebytes is identifying the malicious code, which skims for passwords and payment card details, as a variant of the AzorUlt spyware. The malicious site appears to have copied the look-and-feel of a legitimate Coronavirus map from Johns Hopkins University.
So far the researchers have not seen any indication that the website containing the malicious code has been promoted through an email campaign, suggesting that perhaps those behind it were hoping users would stumble upon it while scouring the web for information.
The World Health Organisation (WHO) is publishing information on its website about the Covid-19 Coronavirus outbreak.
Update 10 March 2019: Researchers at PC Risk have shared some more details about the threat which expand upon the original Malwarebytes blog:
Contrary to its name, Corona-Virus-Map.com is not an address of a website, it is the name of a malicious program. It is classified as a trojan, or more specifically a “backdoor” trojan. This type of malware is designed to cause chain infections, in other words – to stealthily download/install additional malicious programs. Corona-Virus-Map.com is presented as a piece of software allowing users to view the progress/spread of the Corona virus epidemic in real time. Instead, this trojan proliferates the AZORult malware.
Be careful what programs you install and run on your computers folks… or you might be putting yourself at risk of a nasty infection.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.