Fake Corona Antivirus Used To Install Backdoor Malware
Cybercriminals are taking full advantage of the coronavirus crisis. Two sites promoting fake antivirus software, antivirus-covid19[.]site and corona-antivirus[.]com, were discovered by the Malwarebytes Threat Intelligence team and researchers at MalwareHunterTeam, respectively.
That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects against the actual COVID-19 virus infecting people across the world.
“Download our AI Corona Antivirus for the best possible protection against the Corona COVID-19 virus,” the site reads. “Our scientists from Harvard University have been working on a special AI development to combat the virus using a window app.”
Anyone who falls for this ends up downloading an installer from antivirus-covid19[.]site/update.exe (the link is now down) that deploys the BlackNET malware onto their system if launched.
BlackNET will add the infected device to a botnet that can be controlled by its operators:
• to launch DDoS attacks
• to upload files onto the compromised machine
• to execute scripts
• to take screenshots
• to harvest keystrokes using a built-in keylogger (LimeLogger)
• to steal bitcoin wallets
• to harvest browser cookies and passwords.
The malware also comes with bot management features, including restarting and shutting down the infected devices, uninstalling or updating the bot client, and opening visible or hidden web pages.