… hackers are exploiting the COVID-19 outbreak to spread their own infections, including registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware in the dark web.
Link:
https://thehackernews.com/2020/03/covid-19-coronavirus-hacker-malware.html?
Summary:
- Authored by Ravie Lakshmanan, based on Check Point research.
- Massive uptick in hacker content using Coronavirus as bait:
  - Threat actors selling their ‘services’ with Coronavirus discount codes
  - Phishing sites with epidemic-related content
  - Scams – Offers of discounted brand products up to 80% using Coronavirus discount codes
- The latest in a string of opportunistic methods used by threat actors to capitalise on global chaos and uncertainty.
- Others include spear phishing, malware distribution, malspam, fake apps, and social media misinformation.
- Number of Coronavirus-related domains increased nearly 10 times in just a few weeks to over 6000 as of 09/03. (Nearly 10% marked as Suspicious).
- Overall, the advice is to be more vigilant when browsing epidemic-related content online, use trusted sources, ensure 2FA and secure access are set up for remote working, and not use personal devices for work purposes.
Extracted IOCs & Artefacts
Threat Actors:
- SSHacker
- True Mac
- APT36
Malware:
- Crimson Remote Administration Tool (RAT)
- BabyShark
- AZORult
- CovidLock ransomware (COVID19 Tracker App)