Malicious “Corona Anti-Virus” Software Discovered

Researchers at Malwarebytes have unearthed a website advertising fake anti-virus software that it claims can protect people from contracting the real human virus COVID-19.

In what comes across as a bizarrely comic case of miscommunication, the site (antivirus-covid19[.]site) offers users the chance to “Download our AI Corona Antivirus for the best possible protection against the Corona COVID-19 virus.” 

The site’s operators carefully chose an academic big hitter to endorse it. According to the website, the Corona Anti-virus was developed by “scientists from Harvard University” who “have been working on a special AI development to combat the virus using a Windows app.”

To further authenticate their product’s claims, the site’s creators have included a meaningless graphic of three people standing around a circular raised platform while staring at some connecting balls suspended in mid-air. One of the figures points at a ball as though symbolically indicating the presence of a cure.   

The Corona Anti-virus claimed: “your PC actively protects you against the Coronaviruses (Cov) while the app is running.”

It’s hard to imagine this ill-conceived ruse netting any victims whatsoever, but those who are persuaded to install the fake Corona Anti-virus will inadvertently infect their computer with malware.

Researchers found that criminals are using the malicious fake anti-virus software to distribute a BlackNet remote administration tool. Users who try to download Corona Anti-virus (antivirus-covid19[.]site/update.exe) will turn their PC into a bot that is ready to receive commands from a threat actor.

“The full source code for this toolkit was published on GitHub a month ago,” said researchers. “Some of its features include deploying DDoS attacks, taking screenshots, stealing Firefox cookies, stealing saved passwords, implementing a key logger, executing scripts and stealing Bitcoin wallets.”

Researchers reported the site to American web-infrastructure and website-security company Cloudflare.

“We informed Cloudflare, since the threat actors were abusing their service, and they took immediate action to flag this website as a phish,” said researchers.
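
For defenders who want to check whether any host on their network reached the site reported above, the following added example (not from Malwarebytes or the original article) scans web-proxy log lines for the reported domain and separates page visits from requests for update.exe. The log format, sample lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicator as printed in the article (defanged); path of the reported download.
IOC_DOMAIN = "antivirus-covid19[.]site".replace("[.]", ".")
IOC_PAYLOAD_PATH = "/update.exe"

# Constructed proxy log format: "<timestamp> <client> <method> <url> <status>"
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def host_matches(host, ioc_domain=IOC_DOMAIN):
    """True for the domain or any subdomain; ignores case and a trailing dot."""
    host = host.lower().rstrip(".")
    return host == ioc_domain or host.endswith("." + ioc_domain)

def classify(url):
    """Return 'payload_download', 'site_visit' or None for one requested URL."""
    try:
        # CONNECT lines carry "host:port" with no scheme, so add one for parsing.
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = parts.hostname
    except ValueError:
        return None
    if not host or not host_matches(host):
        return None
    if parts.path.lower() == IOC_PAYLOAD_PATH:
        return "payload_download"
    return "site_visit"

def scan(lines):
    """Return (client, verdict) for every parsable line that hits the indicator."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        verdict = classify(m.group(4)) if m else None
        if verdict:
            hits.append((m.group(2), verdict))
    return hits

# Constructed sample lines, not real traffic.
SAMPLE = [
    "2020-01-01T09:14:02Z 10.0.0.21 GET http://antivirus-covid19.site/ 200",
    "2020-01-01T09:14:40Z 10.0.0.21 GET http://ANTIVIRUS-COVID19.site/update.exe 200",
    "2020-01-01T09:20:11Z 10.0.0.35 CONNECT antivirus-covid19.site:443 200",
    "2020-01-01T09:21:00Z 10.0.0.40 GET http://antivirus-covid19.site.example.com/update.exe 200",
    "2020-01-01T09:22:00Z 10.0.0.41 GET http://example.org/update.exe 200",
]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE):
        print(client, verdict)
```

A `payload_download` hit means the client requested the executable and should be triaged as potentially infected; a `site_visit` alone only shows the page was reached.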

All Rights Reserved - © Copyright 2020 - Vox Messenger (a Division of Kryotech Ltd.)