By Anthony Berrios
Blog Post #13
A group of hackers were recently found promoting a fake antivirus software to distribute a malware payload which could infect the systems with BlackNET RAT, while adding it to a botnet. The two sites that security experts were able to find were antivirus-covid19[.]site and corona-antivirus[.]com. Experts managed to get the first website removed, however the second site remained running as the owners removed all traces of the malicious links on the page. The second page that still remains reads the following paragraph on its website: “Download our AI Corona Antivirus for the best possible protection against the Corona COVID-19 virus. Our scientists from Harvard University have been working on a special AI development to combat the virus using a mobile phone app.”
Anyone users that would fall for this scheme would end up downloading an installer form antivirus-covid19[.]site/update.exe (which is now down) that will deploy the BlackNET malware onto their systems if launched. This essentially serves as a botnet for the cyber criminals that they can uses to remotely access and control the infected user’s computer to do as much as the hacker desires. Typically these botnets are then used for organized attacks like DDoS attacks.
This is obviously a problem because it is another example of cyber criminals taking advantage of the corona virus pandemic across the world. It surely won’t be the last we here of this epidemic being taken advantage of which is why it is more important than ever to stay safe while on the internet and make sure you trust and scan with antivirus any downloads going onto your computer.
PC Security & News 