Johns Hopkins University has an extremely useful online map that tracks the spread of the coronavirus that causes COVID-19 in real time. Some criminals are copying the map and using it to spread information-stealing malware.
That’s the word of Cybersecurity Reason, a small American-Israeli antivirus maker. Researcher Shai Alfasi detailed in a blog post earlier this week how a downloadable version of the Johns Hopkins map that you can run on your Windows desktop harbors the AZORult Trojan, a piece of malware that has been stealing information since 2016.
- The best antivirus software: Free and paid
- Coronavirus: What You Need to Know and the Latest Updates
- Criminals are using the coronavirus outbreak to spread malware
The last time we saw AZORult masquerading as a ProtonVPN setup file, its creators even created a perfect copy of the ProtonVPN website to do so. Because Johns Hopkins posted the source code for the coronavirus map on GitHub, it may have been inevitable that AZORult managers would also clone the Johns Hopkins map.
Alfasi did not specify how victims could be lured to download and install Johns Hopkins’ poisoned map, but a link is likely being spread via email and social media.
If you install the malicious map, it will try to “steal your browsing history, cookies, IDs / passwords, cryptocurrencies, and more,” as Alfasi wrote.
He added that “there is also a variant of AZORult that creates a new hidden administrator account on the infected machine to allow Remote Desktop Protocol (RDP) connections,” which would allow bad guys to log into your computer at any time.
Fortunately, it is not difficult to avoid infection by this Trojan. First of all, don’t install programs from random links that people send you through social media. Then make sure to install and run one of the best antivirus programs.