With the spread of the Corona virus, to a global pandemic, and the panic caused by its spread, everyone has their eyes on the monitors that show the charts with maps that show the trend of the SARS-COV virus spreading. II which causes COVID-19 disease, known as Coronavirus.

Cybercriminals have taken advantage of this opportunity, through these tables - in the background - to inject into the victims' computers a masked malware like "Coronavirus map", whose full name is Corona-virus-Map.com.exe , which is a Win32 executable card, size 3.2 MB. If you run it, double-clicking on it will open a window showing a map showing infected sites, similar to that of Johns Hopkins University - which is a legitimate source of cases. confirmed with coronavirus in real time. In the background, the following processes will run: Bin.exe, Windows.Globalization.Fontgroups.exe, and Corona-virus-Map.com.exe, which will attempt to link to several URLs on the Internet.

If your computer is infected with this malware, you will see a doubling of the "CoronaMap.exe" file, and you will notice a multiplication of "Corona.exe", "cmd.exe", "Conhost.exe", "bin". exe ”, and“ Windows.Globalization.Fontgroups.exe ”.

A security researcher from Reason Labs, Shai Alfasi, analyzed the malware to conclude that the malware had used apps that showed maps of the spread of the 'Corona' virus to steal personal data from users. such as credentials, passwords, credit card numbers, and other sensitive information that is stored on the web browser. Criminals can use this data in various ways, they can sell it, use it to gain access to bank accounts or social networks, etc.

For now, malware only infects Windows computers, but it is believed that criminals are preparing a new version that will support other systems.

Alfasi points out that the malware has been activating software known as malicious since 2016 - AZORult, which is designed to steal information including "cookies", passwords and online browsing history.

In addition, the malware modifies some registers under the paragraph

"ZoneMap"

Computer \ HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ ZoneMap, and

 "LanguageList"

Computer \ HKEY_CLASSES_ROOT \ Local Settings \ ImmutableMuiCache \ Strings \ 52C64B7E

To protect yourself from this infection, or even to clean your computer if it is infected, you must have an anti-virus or anti-malware program - in which case the researcher proposes the company's "Reason Antivirus" anti-virus. Reason Labs ”where he works.