Hackers develop malicious apps and links to prey off data and hack remote devices
With the coronavirus pandemic taking a grip across the world, measures such as self-quarantine have necessitated ‘business continuity plan’. With employees working from homes and multiple locations, it has become imperative that businesses remain functional by providing employees access to its remote infrastructure, networks and devices – albeit with strict vigilance. While caution is being exercised during this epidemic, there is a group of opportunistic cyber-criminals who have been preying on this fear by developing malicious links and apps to hack devices and steal data. From creating malicious links to developing otherwise unsuspecting apps, the hackers of the digital age are getting creative in executing their attacks.
SonicWall Capture Labs reaffirms that the risk of engaging with any of the Corona virus apps is very high. In fact, there are no mobile apps that can track coronavirus infections or point to a vaccine.
Commenting on the growing threat to businesses Debasish Mukherjee as VP, Regional Sales APAC, at SonicWall says, “During challenging times such as the Covid 19 pandemic, organizations have very little choice but to mandate work from home policies for its employees. This implies a need to maintain flexible work environment without losing availability. However, deploying a highly efficient remote location can be complex, expensive and time consuming as protecting its data and systems are primary concerns. SonicWall’s Capture Labs is working 24×7 to keep its customers informed of the impending cyberthreats.”
SonicWall Capture Labs Threat research team has flagged off five of the top cyberattacks that leverage coronavirus and COVID-19 to take advantage of the current epidemic:
- Malicious Archive File
- Coronavirus-Themed Android RAT
- COVID-19 Hoax Scareware
- Malicious “Marketing Campaign” Propagates Android RAT
- 12-Layer Azorult.Rk
Malicious Archive File: February 5, 2020
In early February, SonicWall Capture Labs used patent-pending Real-Time Deep Memory Inspection (RTDMITM) to detect an archive file containing an executable file named CoronaVirus_Safety_Measures.exe. The archive is delivered to the victim’s machine as an email attachment.
Coronavirus-Themed Android RAT: February 26, 2020
SonicWall Capture Labs observed a coronavirus scare tactic being used in the Android ecosystem in the form of a Remote Access Trojan (RAT), which is an Android app that simply goes by the name coronavirus. After installation and execution, this sample requests the victim to re-enter the pin/pattern on the device and steals it while repeatedly requesting for ‘accessibility service’ capabilities.
COVID-19 Hoax Scareware: March 13, 2020
SonicWall Capture Labs threat researchers observed a malware taking advantage of the coronavirus (COVID-19) fears, also known as ‘scareware.’ The sample pretends to be a ransomware by displaying a ransom note. In reality however, it does not encrypt any files.
Malicious “Marketing Campaign” Propagates Android RAT: March 14, 2020
SonicWall Capture Labs Threat researchers discovered and analyzed malicious campaign websites that currently serve (at the time of publication) Android Remote Access Trojan (RAT) belonging to the same family discovered in February 2020. Cyberattackers are creating websites that spread misinformation about coronavirus (COVID-19), falsely claiming ways to “get rid of” the novel virus. Instead, the sites attract new victims via download links.
12-Layer Azorult.Rk: March 16, 2020
SonicWall Capture Labs threat researchers found a new sample and activity for the “coronavirus” binary Azorult.Rk. Malware authors have taken advantage of the public’s desire for information on the COVID-19 pandemic since it was first discovered in December 2019 — and it has only escalated since. Azorult.Rk masquerades as an application providing diagnosis support, even including a screenshot of a popular interactive tool that maps COVID-19 cases and exposure. It includes 12 different layers of static and dynamic information, making it difficult for threat analysts to quickly investigate.
SonicWall has been fighting the cybercriminal industry for over 28 years defending small and medium businesses, enterprises and government agencies worldwide. Backed by research from SonicWall Capture Labs, our award-winning, real-time breach detection and prevention solutions secure more than a million networks, and their emails, applications and data, in over 215 countries and territories. These organizations run more effectively and fear less about security. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram