Larry Keating, President of Keating Technologies and NPC Security has brought to our attention that malicious health advisory emails are being used by hackers to exploit the global COVID-19 pandemic. Most notably, Keating's security company alerted their customers to show caution when opening the Johns Hopkins Coronavirus COVID-19 map.
"Numerous legitimate organizations around the world and hundreds of millions of citizens access the map to monitor the state of the COVID-19 pandemic" observes Keating who adds, "according to Johns Hopkins there have been "1.2 billion daily [feature] requests in early March. A "feature request" represents the number of times visitors have accessed the underlying data while visiting the dashboard. Since Feb 19, the dashboard has been visited from nearly every country in the world, including North Korea, Iran and Cuba."
While access to the correct map directly is not a risk, some threat actors have used the ability to embed the map in their website as a lure to their malicious site. In other cases, they have re-created a similar looking map. Hackers are targeting people who are searching for this map and directing them to a malicious version of the map to trick them to download malware on to their device. The malicious file is usually named as "Corona-virus-Map.com.exe" and inside contains a malware called AZORult. It is an information stealing malware targeting the usernames, passwords, credit card information, and other information that is saved on the victims Internet browser.
The Johns Hopkins Coronavirus COVID-19 Global Cases map itself is not malicious and does not contain malware. ESRI, the provider of geographic information system for the John Hopkins map, has reassured that the real online map "does NOT contain any malware (and NEVER contained malware)."
To access the map with certainty that you are on the legitimate site, search for Johns Hopkins University COVID-19 map and ensure you are only accessing and bookmarking it directly from their site.
This is the legitimate web address: https://coronavirus.jhu.edu/map.html.
"If you land on a version of the Johns Hopkins map and it asks you to download anything" warns Keating, "do NOT download and immediately close the browser."
As a public service, Keating Technologies will be hosting a free webinar on working from home and staying secure while using Office 365. This 60-minute webinar is open to all and is being held March 27th. You can register here.