Cyber Attackers Use Fake "Corona Antivirus" to Spread BlackNET Remote Administration Tool


It seems that even in times of a global epidemic, hackers remain vicious as ever. The COVID-19 strain continues to be exploited by cyber attackers for their malicious schemes. So far, we've seen Coronavirus-related email campaigns and comment bots, infected online maps, as well as a variety of threats named after the infamous Coronavirus. From the looks of it, cyber crooks have moved on to a new scheme – fake antivirus software.

Fake Corona antivirus software promises to protect users from the real virus

Two websites were caught promoting bogus Corona Antivirus software – one is antivirus-covid19(.)site, and the other is corona-antivirus(.)com.

The fake program, advertised as "Corona Antivirus – World's best protection," will supposedly protect users from the COVID-19 strain in real life. To prove that the product's abilities are legitimate, the sites state that “Our scientists from Harvard University have been working on a special AI development to combat the virus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the app is running.” Unfortunately, that's not true. The purpose of this scam is to install a malware backdoor, called BlackNET, onto the victim's device.

Currently, corona-antivirus(.)com no longer exists, leaving antivirus-covid19(.)site the only one that remains operational. The former, which was discovered by the MalwareHunterTeam, no longer includes malicious links and has its content altered.

Hackers use fraudulent antivirus software to distribute a malicious payload

If unsuspecting victims fall for this scam, here's what would happen:

  1. The user downloads an installer from the dubious site.
  2. When launched, the installer will deploy the BlackNET malware onto the system.
  3. Once activated, BlackNET will add the infected machine to a botnet so that hackers can have full control over the system.

Here are some of the things that cyber crooks can do through BlackNET RAT (Remote Administration Tool):

  • Upload files
  • Take screenshots
  • Use a keylogger to obtain keystroke data
  • Steal Bitcoin wallets, passwords, credit card information, and other private data
  • Launch DDoS attacks
  • Execute malicious scripts
  • Shut down/Restart the system
  • Open visible or hidden websites

While it's unlikely that a user would fall for such an apparent scam, in which software supposedly protects you from catching the COVID-19 virus, it's still possible that someone will fall victim to this scheme. More and more people are becoming victims of coronavirus-themed scams, mainly because of the mass panic, and hackers are exploiting this weakness to profit from malicious attacks.

As previously mentioned, antivirus-covid19(.)site is still active but has all malicious links taken down. That's good news since you won't be able to download the program even if you wanted to. What's new is a donation link, left by the scammers as a poor attempt to make users support their efforts. So far, no donations have been made, which doesn't come as a surprise at all.

Nowadays, the internet is full of fake news, and people have a difficult time telling the truth from a lie. Just because there's a quote from alleged Harvard University scientists, it doesn't make the statement legitimate. It's important to check the facts before we make decisions and rely on trustworthy and legitimate sources.

As the majority of people are working from their homes right now, they're turning into the perfect target for cyber criminals. Specialists recommend staying vigilant and refraining from downloading new software you're not familiar with, to avoid a potential coronavirus malware infection.

April 3, 2020