Johns Hopkins University has an extremely useful online map that tracks the spread of the coronavirus that causes COVID-19 in real time. Some crooks are copying the map and using it to spread information-stealing malware.
That's the word from Reason Cybersecurity (opens in new tab), a small American-Israeli antivirus maker. Researcher Shai Alfasi detailed in a blog post earlier this week how a downloadable version of the Johns Hopkins map that you can run on your Windows desktop harbors the AZORult Trojan, a piece of malware that has been stealing information since 2016.
- The best antivirus software: Free and paid
- Coronavirus: What you need to know and latest updates
- Crooks are using the coronavirus outbreak to spread malware
We last saw AZORult posing as a ProtonVPN installer file, and its makers even created a perfect copy of the ProtonVPN website to do so. Because Johns Hopkins posted the coronavirus map's source code on GitHub (opens in new tab), it may have been inevitable that the AZORult managers cloned the Johns Hopkins map too.
Alfasi didn't specify how victims might be lured into downloading and installing the poisoned Johns Hopkins map, but it's likely that a link to it is spreading via email and social media.
If you do install the malevolent map, it will try to "steal browsing history, cookies, ID/passwords, cryptocurrency and more", as Alfasi wrote.
He added that "there is also a variant of the AZORult that creates a new, hidden administrator account on the infected machine in order to allow Remote Desktop Protocol (RDP) connections", which would let bad guys log into your computer at any time.
Fortunately, it's not hard to avoid infection by this Trojan. First, don't install programs from random links that people send you over social media. Then, make sure to install and run one of the best antivirus programs.