Coronavirus Maps Apps Being Used to Spread Malware: Researchers

The websites that have this malware take information from the Web and produce accurate data which makes them more deceptive.

Coronavirus Maps Apps Being Used to Spread Malware: Researchers

Photo Credit: Reason Lab

The malware's GUI looks very convincing as per the report by researchers

  • Hackers have found a way to steal information through coronavirus maps
  • The analysis was done by cybersecurity researcher Shai Alfasi
  • Suspicious URLs download an application that steals private information

Hackers have found a way to steal private information from users by using maps that show the spread of coronavirus. A threat analysis report on the matter states that hackers are spreading malware which they disguise as a coronavirus map. This malware, when analysed, was found to steal user credentials which include passwords, credit card numbers, and other information from the browser. It was found that this malware used a known malicious software called AZORult to steal sensitive information from users.

The report by cyber-security researcher Shai Alfasi, from Reason Labs, claims that hackers were modifying URLs or adding different details while maintaining the genuine look of the original website, preventing users from realising something is wrong. The report states that the malware's graphic user interface (GUI) looks very convincing and it collects information from the Web to show accurate readings for coronavirus. Once the user visits these websites, they are prompted for a download which is disguised as an app that gives latest information on the spread of the virus.

This app then collects private data which the hackers can use to selling on the deep Web, accessing social media, or exploiting bank accounts. According to the report, the malware “activates a strain of malicious software known as AZORult” which was first discovered in 2016. “It is used to steal browsing history, cookies, ID/passwords, cryptocurrency and more. It can also download additional malware onto infected machines,” it adds.

One of the apps analysed by Alfasi was called It is 3.26MB and since it is present in .exe format, can only infect Windows machines as of now. Shai ran ‘procmon' at the same time as the malware app and found a “multi-sub process that was created by ‘CoronaMap.exe' which is not the root process.” This .exe file creates another file called Corona.exe which is an archive which contains execution commands. After further investigation, Shai found that the malware stole login data from the users browser and moved it to ‘C:\Windows\Temp' and creates a filed called ‘PasswordList.txt' that stores all the information.

The complete research has been published on the Reason Labs blog.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Vineet Washington writes about gaming, smartphones, audio devices, and new technologies for Gadgets 360, out of Delhi. Vineet is a Senior Sub-editor for Gadgets 360, and has frequently written about gaming on all platforms and new developments in the world of smartphones. In his free time, Vineet likes to play video games, make clay models, play the guitar, watch sketch-comedy, and anime. Vineet is available on, so please send in your leads and tips. More
NCLAT Rejects CAIT Plea Against CCI Nod for Flipkart's Acquisition
Redmi Note 9 Pro vs Realme 6 Pro vs Samsung Galaxy M31: Price in India, Specifications Compared

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment



© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on