Here’s a List of Newly Discovered Malware That Tapped Into Coronavirus Fears to Infect Users

  • Over the past weeks, security researchers have uncovered a variety of new malware with new capabilities that were propagated in the name of Coronavirus.
  • Some of these malware exploit the sensitivity of the current situation to create way more havoc than in a normal circumstance.

In addition to a surge in Coronavirus-related scams, there has also been a rise in malware attacks that leverage the name and fear of the disease to infect users. Over the past few weeks, security researchers have uncovered a variety of new malware with new capabilities that were propagated in the name of Coronavirus. Some of these malware exploit the sensitivity of the current situation to create way more havoc than in a normal circumstance.

Newly found malware

The following is a list of new malware that have been discovered so far, leveraging the pandemic.

CoronaLocker

This new screenlocker, which is distributed via a fake WiFi program called ‘wifihacker.exe,’ tries to lock users out of Windows by making annoying sounds and displaying a warning message. The victim is asked to contact attackers through an email address displayed on the screen to unlock the screen. Once installed, the malware creates a variety of Registry settings that prevent the Task Manager and Run commands from working, the Desktop icons are hidden, Start Menu is disabled, and more.     

PoetRAT

Adversaries had used this Python-based remote access trojan (RAT) to target the Azerbaijan government and energy sector. The malware was deployed through Microsoft Word documents that arrived through COVID-19-themed phishing emails.   

ProjectSpy campaign

The campaign was launched to infect Android and iOS users with two spyware named AndroidOS_ProjectSpy.HRX and IOS_ProjectSpy.A. These spyware were disguised as an app called ‘Coronavirus Updates’ that had a significant number of downloads in Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada, and Russia.  

BlueTea Action trojan

This new trojan was found to be propagated via phishing emails that had a subject line as ‘The Truth of COVID-19’. The phishing email included an RTF attachment carrying the exploit for CVE-2017-8570 vulnerability.

Coronavirus wiper malware

This new Windows malware, which is no less than NotPetya, makes disks unusable by overwriting the master boot record (MBR). The victims of the malware are shown a gray screen and a blinking cursor with a simple message that reads, ‘Your computer has been trashed.’    

SpyMax

Belonging to surveillanceware family, SpyMax was found targeting Libyan individuals. It masqueraded as ‘Corona live 1.1’ to steal photos, media, files, device location, as well as permission to take pictures and record videos of individuals.  

CoronaVirus ransomware

Discovered by MalwareHunterTeam, this new ransomware is distributed through a fake web site pretending to promote the system optimization software utilities from WiseCleaner. After infecting a system, it encrypts files with specific extensions and later demands approximately $50 in bitcoins to decrypt files.   

BlackWater backdoor

This new backdoor malware leveraged the Coronavirus outbreak to abuse Cloudflare Workers as an interface to the C2 server. The malware was propagated through a suspicious RAR file, named ‘COVID-19’, that provided information about the disease.