openPR Logo
Press release

Coronavirus Malware Exploits Global COVID-19 Fears to Infect Devices & Steal Data

03-23-2020 09:24 AM CET | IT, New Media & Software

Press release from: EnigmaSoft Limited

Dublin, Ireland, [DATE] - As Coronavirus continues its rapid spread, Internet users are fearful of coming into contact with the virus and anxious for more information about the coronavirus outbreak. Cybercriminals are taking advantage of the coronavirus (COVID-19) pandemic and preying on vulnerable people's fears to spread malware. A number of cyber-attacks and strains of malware themed after COVID-19 have swept across different parts of the world over the last few days.
An advanced persistent threat (APT) is believed to be behind the March 2020 targeted attack dubbed 'Vicious Panda' that was also spreading coronavirus malware. The 'Vicious Panda' attack used phishing emails targeted at Mongolian government institutions. The emails came with RTF file attachments that allegedly contained important information about coronavirus. The payload contained in the malicious RTF attachments was a version of the RoyalRoad malware tool. Often associated with Chinese threat actors, the tool makes use of equation editor vulnerabilities in MS Word.

Coronavirus malware ( took a lot of different forms in a short span of time. In mid-March 2020, a new strain of ransomware appeared in the wild, named CoronaVi2020. Distributed primarily through spam emails and malicious attachments, the CoronaVi2020 ransomware asks for a relatively modest 0.008 BTC (roughly 50 USD) ransom and seems to be targeting regular home users instead of corporations and government institutions. The ransomware affects most common file types including images, databases and office files, with the ransomware appending its author's email -- coronaVi2022[at]protonmail[dot]ch -- in front of affected files.

The Coronavirus ransomware was also spotted bundled with the info-stealer trojan Kpot. A malicious site was distributing an executable named WSHSetup.exe that was effectively a bundle carrying both the coronavirus ransomware and the Kpot Trojan. Kpot can scrape account information from a number of web browsers, email accounts, cryptocurrency wallets and game distribution clients.

Along with the desktop CoronaVi2022 ransomware, phones were hit by a malicious app posing as a coronavirus tracker. The mobile malware acted more or less like ransomware, locking the phone and asking for $250 in ransom. Thankfully, the mobile ransomware was a rushed job despite its very threatening messages to the victim. Security researchers were able to find a hardcoded universal key in the locker itself. Anyone who got the mobile coronavirus tracker ransomware can unlock their phone using the code '4865083501'. The discovery was made by the DomainTools security research team.

The sudden spike in coronavirus malware also made some older threats topical once again. The info-stealer AZORult that debuted back in 2016 made the headlines again, after it was used in a fake online COVID-19 infection and mortality tracking map. The real map is maintained by the science and engineering center of the Johns Hopkins University and is hosted on a completely different domain. The malicious site hosting the fake map copied its visual style perfectly but also distributed a payload named 'corona.exe' that contains AZORult and scrapes victim systems for cryptocurrency wallets and Steam accounts, among others. The domain that hosted the malicious online map has been taken down.

The best way home users can stay safe and protect their systems from coronavirus malware is to only download files from trusted sites, never click on any unsolicited links and double-check the address bar of their browser to see if the URL is spelled correctly and points to what they expect.

With real-world COVID-19 cases starting to grow exponentially in a number of new countries, computer users should expect hackers to continue taking advantage of this global health crisis.

EnigmaSoft Limited
1 Castle Street,
3rd Floor,
Dublin 2 D02XD82

EnigmaSoft Limited is a privately held Irish company with offices and global headquarters in Dublin, Ireland. EnigmaSoft is best known for developing and distributing SpyHunter 5, an anti-malware software product and service. SpyHunter 5 detects and removes malware, enhances Internet privacy, and eliminates security threats - addressing issues such as malware, ransomware, trojans, rogue anti-spyware, and other malicious security threats affecting millions of PC users on the web.

This release was published on openPR.

Permanent link to this press release:

Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.

You can edit or delete your press release Coronavirus Malware Exploits Global COVID-19 Fears to Infect Devices & Steal Data here

News-ID: 1978209 • Views: 353

More Releases from EnigmaSoft Limited

EnigmaSoft Releases SpyHunter for Mac to Combat Mac Malware's Unprecedented Rise
Dublin, Ireland, April 23, 2020 - EnigmaSoft Limited has released SpyHunter for Mac, a powerful malware detection and removal product that brings advanced security and optimization technologies designed for and compatible with macOS. Although historically it was commonly perceived that Mac computers were more secure and not as susceptible to malware attacks as Windows systems, this perception has changed dramatically in recent years as Mac malware prevalence and complexity has
Ninth Circuit Denies Malwarebytes' Petition for Rehearing - Court Rules Enigma S …
San Francisco, CA, January 2, 2020 − The Court of Appeals for the Ninth Circuit has denied Malwarebytes' Petition for Rehearing and Rehearing en banc and ordered that Enigma Software's lawsuit against Malwarebytes for anticompetitive, unfair trade practices can proceed in the District Court for the Northern District of California. The Ninth Circuit Court also ordered that no further petitions for rehearing or rehearing en banc will be entertained by
SpyHunter, Anti-Malware Remediation App, Earns AppEsteem Certification
Dublin, Ireland, December 27, 2018 − EnigmaSoft Limited was extremely honored to learn that AppEsteem has bestowed its highly respected App Certification on EnigmaSoft's SpyHunter, an anti-malware software solution designed to detect and remove on-going and emerging malware threats. AppEsteem's Certification process requires companies to undergo a rigorous and demanding review that entails detailed substantive analyses for both consumer-protection criteria and multiple levels of technical review. The Certification required SpyHunter
EnigmaSoft Launches SpyHunter 5 to Set a Benchmark for Malware Removal and Preve …
Dublin, Ireland, June 28, 2018 - EnigmaSoft Limited releases SpyHunter 5, an adaptive malware protection and remediation application. SpyHunter 5 brings its customers welcomed advancements in computer malware protection and removal of a vast array of emerging threats, such as trojans, ransomware, worms, viruses, rootkits, adware, potentially unwanted programs, and potentially unwanted objects. SpyHunter 5 has provided millions of subscribers with an anti-malware software solution designed to detect and remove the

All 5 Releases

More Releases for Dublin

Dublin 2 Ultrasound Pregnancy Scan Clinic Releases Miscarriage Diagnosis Guideli …
Dublin, Leinster ( openpr ) April 18, 2011 - The Dublin 2 medically led ultrasound pregnancy scan clinic, Merrion Fetal Health, has released an overview of their miscarriage diagnosis guidelines. The entire document for these guidelines can be found on their website. Merrion Fetal Health follows the guidelines of The National Maternity Hospital and the Royal College of Obstetricians & Gynaecologists to ensure that misdiagnosis does not occur.
Dublin City University Students gives Perigord wings
DUBLIN CITY UNIVERSITY STUDENTS GIVES PERIGORD WINGS Four Masters students, of Business Studies in Marketing, from DCU Business School have helped an Irish firm, the Perigord Group take its first steps into the World of social media and have picked up an award for their endeavours… Media Release. Four Masters students of Business Studies in Marketing from DCU Business School were given the opportunity to gain hands on experience in
ReservaCar Dublin online car rental company partnered with Newgrange Lodge
Newgrange Lodge, which provides a unique venue that, offers hotel accommodation and traditional Irish hospitality, teamed up with car hire site. The lodge is perched on seven acres overlooking the tranquil, picturesque Boyne Valley, the famous River Boyne and the ancient sites of Newgrange and Knowth. The picturesque and intimate surroundings of Newgrange Lodge provide the perfect venue for marquee wedding reception. Newgrange Lodge is well suited to host private
Tuscany Fine Villa Rentals partnered with ReservaCar Dublin Airport
Tuscany Fine Rentals offers villas in Tuscany, now allows customers to book car rental too. As a result of cooperation between Tuscany Fine Rentals and ReservaCar Dublin Airport, holiday makers can book their holiday accommodation in Tuscany and car rental on Staying in a villa in Tuscany is great, because it gives holidaymakers the freedom and independence to come and go, just as and when it suits them. People are teamed up with ReservaCar Dublin Airport
February 2008 director of, Shay Bollard partnered with Dublin business woman Noemi Beres, ReservaCar Dublin Airport. The website has a Live Booking System linked into just about every office of every major car hire company in the world. members are able to visit this site where they can look and book cars in real time, and they also have the opportunity to search for the best car
Orlando Villas Ireland partnered with ReservaCar Dublin Airport
December 2007 Dublin businessman and director of Orlando Villas Ireland, Derek Heffernan partnered with Dublin business woman Noemi Beres, ReservaCar Dublin Airport. The website has a Live Booking System linked into just about every office of every major car hire company in the world. Orlando Villa clients are able to visit this site where they can look and book cars in real time, and they also have the opportunity