SonicWall Capture Labs Threat Research Team Flags off five Cyberattacks

SonicWall Capture Labs Threat Research Team Flags off 5 top Cyberattacks that leverage coronavirus and COVID-19 to take advantage of the current epidemic.

DQC Bureau

With the coronavirus pandemic taking a grip across the world, measures such as self-quarantine have necessitated a ‘business continuity plan’. With employees working from home and from multiple locations, it has become imperative that businesses remain functional by providing employees access to their remote infrastructure, networks, and devices - albeit with strict vigilance.

While caution is being exercised during this epidemic, there is a group of opportunistic cyber-criminals who have been preying on this fear by developing malicious links and apps to hack devices and steal data.

From creating malicious links to developing apps that look harmless, the hackers of the digital age are getting creative in executing their attacks.

SonicWall Capture Labs reaffirms that the risk of engaging with any of the Coronavirus apps is very high. In fact, there are no mobile apps that can track coronavirus infections or point to a vaccine.

Commenting on the growing threat to businesses, Debasish Mukherjee, VP, Regional Sales APAC, at SonicWall, says, “During challenging times such as the COVID-19 pandemic, organizations have very little choice but to mandate work from home policies for their employees. This implies a need to maintain a flexible work environment without losing availability.

However, deploying a highly efficient remote location can be complex, expensive and time-consuming as protecting its data and systems are primary concerns. SonicWall’s Capture Labs is working 24x7 to keep its customers informed of the impending cyber threats.”

SonicWall Capture Labs Threat Research team has flagged off five of the top cyberattacks that leverage coronavirus and COVID-19 to take advantage of the current epidemic:

Malicious Archive File

Coronavirus-Themed Android RAT

COVID-19 Hoax Scareware

Malicious “Marketing Campaign” Propagates Android RAT

12-Layer Azorult.Rk

Malicious Archive File: February 5, 2020

In early February, SonicWall Capture Labs used patent-pending Real-Time Deep Memory Inspection (RTDMI™) to detect an archive file containing an executable file named CoronaVirus_Safety_Measures.exe. The archive is delivered to the victim’s machine as an email attachment.

Coronavirus-Themed Android RAT: February 26, 2020

SonicWall Capture Labs observed a coronavirus scare tactic being used in the Android ecosystem in the form of a Remote Access Trojan (RAT), which is an Android app that simply goes by the name coronavirus.

After installation and execution, this sample asks the victim to re-enter the PIN/pattern on the device and steals it, while repeatedly requesting ‘accessibility service’ capabilities.

COVID-19 Hoax Scareware: March 13, 2020

SonicWall Capture Labs threat researchers observed malware, known as ‘scareware,’ that takes advantage of coronavirus (COVID-19) fears. The sample pretends to be ransomware by displaying a ransom note. In reality, however, it does not encrypt any files.

Malicious “Marketing Campaign” Propagates Android RAT: March 14, 2020

SonicWall Capture Labs threat researchers discovered and analyzed malicious campaign websites that currently serve (at the time of publication) an Android Remote Access Trojan (RAT) belonging to the same family discovered in February 2020.

Cyberattackers are creating websites that spread misinformation about coronavirus (COVID-19), falsely claiming ways to “get rid of” the novel virus. Instead, the sites attract new victims via download links.

12-Layer Azorult.Rk: March 16, 2020

SonicWall Capture Labs threat researchers found a new sample and activity for the “coronavirus” binary Azorult.Rk. Malware authors have taken advantage of the public’s desire for information on the COVID-19 pandemic since it was first discovered in December 2019 — and it has only escalated since.

Azorult.Rk masquerades as an application providing diagnosis support, even including a screenshot of a popular interactive tool that maps COVID-19 cases and exposure. It includes 12 different layers of static and dynamic information, making it difficult for threat analysts to quickly investigate.