Cyber Security

Antivirus App Spreads BlackNET Malware by Promising Real Life Protection From COVID-19

A bogus antivirus app dubbed Corona is preying on COVID-19 fears, promising to protect its users from the pandemic virus. What the app actually does is spread a malware threat, known as BlackNET RAT.

Both the antivirus-covid19[.]site and corona-antivirus[.]com web pages boast ridiculous claims, offering “best possible protection against the Corona COVID-19 virus,” declaring that their software can protect its users in real life.

Malware Disguised as Anti-Malware

The websites went as far as to claim that “scientists from Harvard University have been working on a special AI development to combat the virus using a mobile phone app.”

After the first website was taken down, the second removed the malicious links and changed its written content to add a disclaimer that “this is only a fun project.”

Researchers warn that the websites take advantage of the COVID-19 outbreak to push an infected installer that drops BlackNET RAT; a malware threat designed to steal sensitive information and add the infected devices to the BlackNET botnet.

Figure 1: Increase of Coronavirus-related Domains

Chart showing the weekly increase of domains registered with the words coronavirus in them.

The graph shows the increase in COVID19-related domains in the past two months. Source: Check Point

What is BlackNET RAT

BlackNET RAT is a Remote Access Trojan that adds devices to the BlackNET botnet. The malware comes with a built-in keylogger and is designed to harvest sensitive data, including passwords and other credentials, cookies, and Bitcoin wallets.

The RAT comes with bot management features that can uninstall or update a bot client, restart and shut down the infected devices, and even open hidden web pages.

Additionally, this malware can launch DDoS attacks, take screenshots of the victim’s screen, upload files onto the infected device, and execute scripts.

The malware is also equipped with anti-forensic and anti-VM features that prevent researchers from analyzing it properly.

A Cyber Pandemic of Coronavirus-themed Threats

Cybersecurity experts warn that Corona Antivirus is not the only fake app that takes advantage of the global COVID-19 outbreak. A cyber pandemic of Coronavirus-themed scams, trojans, and RATs threaten both desktop and mobile users alike.

The number of newly registered domains related to COVID-19 has skyrocketed since the Coronavirus outbreak was officially classified as a pandemic. According to CheckPoint, since the end of February, approximately 0.8% (93 websites) of all analyzed domains were actively malicious; and 19% (2,200+ sites) were suspicious.

The US Department of Homeland Security warns that cybercriminals will continue to exploit the pandemic. All users are strongly advised to enforce strict cyber-hygiene standards.

Show More

Reactionary Times News Desk

All breaking news stories that matter to America. The News Desk is covered by the sharpest eyes in news media, as they decipher fact from fiction.

Previous/Next Posts

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Close