The New "Corona Anti-Virus" Malware
Cybersecurity researchers have recently come across a peculiar new software. On its website, it is claimed that the product can protect people from Covid-19.
In other words, this is fake antivirus software that is claiming to cure a biological virus. On the homepage of the website, it is stated: "Download our AI Corona Antivirus for the best possible protection against the Corona COVID-19 virus."
The main reason for this software gaining popularity among the non-tech savvy is nothing but an amusing misunderstanding.
Reports say that the ad was quite a hit, based on peoples’ fears and also due to the false claim that this so-called “antivirus” was developed by AI experts from Harvard University.
There are many people who believed in the ad, and were sucked in by various claims such as “your PC actively protects you against Coronaviruses while the app is running”.
Unfortunately, they became victims by downloading the fake product - which is actually dangerous malware - onto their systems. Once downloaded, this software installed a remote administration tool (BlackNet), which in turn, converted the device into a Bot.
From that point, the users’ devices would be auto-converted to receive commands from the source.
This fake antivirus was used to remotely control advanced features such as:
- Taking screenshots
- stealing Bitcoins
- DDoS attack deployment
- Stealing passwords and Fox cookies
- Executing scripts
- Implementing key loggers
Read on learn about this bizarre fake antivirus, other similar threats during this time, and how to protect yourself.
How It Is Spread
The main reason for this fake antivirus software spreading in such a short time is its catchy ad which played on peoples’ emotions, as well as their lack of technical knowledge. Downloading this type of software, which is essentially a Remote Access Trojan (or, “Rat”) turns a computer into a bot. This gives cybercriminals full control over the device from a command and control server. From that point, cybercriminals can add the infected device into a botnet, which spreads the malware further.
Why This Type Of Threat Is So Risky
This pandemic has transformed the workforce of various businesses and organizations globally.
Companies are asking employees to work from their homes rather than coming to the office, and therefore it is essential for companies to remain in contact through various secure apps, networks, and computers. This creates a whole new gap for cybercriminals to cause havoc in.
The more social distancing takes place, the wider the playing field for cybersecurity breaches.
During Covid-19, there have been some other pandemic-themed threats in the cyberspace:
- DDos attacks against hospitals
- Phishing emails claiming to be from the CDC and the WHO
- Covid-19 tax rebate scams
Here are some classic telltale signs that you are dealing with an illegitimate website, software, or email:
- Poor Spelling and Grammar - Often English is not the cybercriminals’ mother tongue, and this can be a giveaway. For example, an email from the CDC would probably never have a spelling mistake in it.
- Low-Quality Design - A scam is a short term endeavor, and therefore design and branding are not what cybercriminals invest in. Oftentimes, this is evident upon short, yet careful observation.
- General and Unsolicited - If an email is sent to you in an unsolicited manner, you should always be suspicious. If it is not addressed to you by name but starts with “Dear friend” or “Dear colleague”, you should be even more suspicious.
When there is a global event of these proportions, not only do you need to make sure you are extra alert to your surroundings online but also to have a strong antivirus that can screen or flag many threats, before they even get to you.
How To Keep Safe
It is important to stay updated on the latest news revolving around cyberthreats. Knowledge is power, and the best antivirus software in the world will not help us if we fall for fake ads or social-engineering schemes. At the end of the day, the human factor is one of the most important ones in the field of cybersecurity, especially now when there is a lot of confusion and fear around the world.
A rule of thumb is to steer clear from malicious websites and shady URLs. Most fake websites are easy to spot if you look closely. Also turn on your device’s inbuilt antivirus solution so it can notify you of any suspicious activity and block phishing URLs, scam emails, and other threats. Last but not least, be sure to download an antivirus solution or use a web-based scanner to cross-check website links, email attachments, and other files.
As per Tom Kellermann, the Head of Cybersecurity Strategist for VMware Carbon Black; “cybercriminals are notoriously opportunistic and will rely on natural anxieties to meet their end goals”. He went on to stress the importance of added vigilance during this tricky time - which is in fact, the essence of protection against this threat type.