Fake Antivirus Site Promises Coronavirus Protection, Delivers Trojan

A rogue website claiming to offer a digital antivirus program that can protect users against the Covid-19 coronavirus has been discovered online by researchers at Malwarebytes. Victims are conned into downloading a remote access trojan (RAT) that turns the target computer into a bot.

The site is one of a growing number of scam websites identified by Malwarebytes — a U.S. Internet security company that specializes in protecting home computers, smartphones, and businesses.

Evidently, more of these sites are popping up all the time, as cyber criminals try out any means to cash in on what is becoming one of the most dangerous and widespread cyber security threats in history.

In a blog post disclosing its latest research, the Malwarebytes threat intelligence team said:

Scammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a number of spam campaigns using Covid-19 as a lure to trick people into installing a variety of malware, but especially data stealers, … As more of us work from home, the need to secure your computer, especially if you are connecting to your company’s network, becomes more important. However, you should be extra careful of bogus security software, especially if it tries to use the coronavirus as a selling point.

It should go without saying that no cyber security antivirus product could possibly provide protection against an actual biological virus.

However, those responsible for the scam — to which we are not linking — have almost certainly already ensnared numerous victims and will be counting on stressed and emotional people being more likely to fall for the trick.

The website (pictured above) states:

Our scientists from Harvard University have been working on a special AI development to combat the virus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the app is running.

If a user is unfortunate enough to install the application, they will find themselves infected by the BlackNET RAT, giving cyber criminals the ability to access the target machine from a command and control (C2) server.

BlackNET enables cyber criminals to co-opt the target machine into a botnet to conduct distributed denial of service (DDoS) attacks, to take screenshots, to steal Firefox cookies, to steal saved passwords, to implement a keylogger, to remotely execute other malicious scripts, and to steal bitcoin wallets if present. Malwarebytes said the full source code for this particular toolkit has been circulating on GitHub for at least a month.

In this instance, Malwarebytes was able to work with Cloudflare, whose service was being abused to deliver the malicious website. Cloudflare has now taken action to flag the website as a phishing scam.

Malwarebytes’ researchers said:

During this period, it is important to stay safe both at home and online. The number of scams we have seen during these past few weeks shows that criminals will take advantage of any situation, no matter how dire it is, … We recommend that you keep your computer up to date and use extra caution when downloading new programs. Beware of instant notifications and other messages, even if they appear to come from friends.

More information, including further screengrabs and indicators of compromise (IoCs), can be found on the Malwarebytes website.

Source: Computer Weekly, Malwarebytes
