In brief

  • A coronavirus map, loaded with malware, is infecting computers
  • It steals sensitive information around crypto wallets
  • But the information on the map comes from accurate sources.

Worried about being infected by the coronavirus? Extend that concern to your computer: You might just have a new set of problems on your hands if you’ve downloaded software that tracks the coronavirus pandemic

Some coronavirus maps have been infected with a malicious piece of software that steals personal information, all while providing you with up to date coverage of the virus. 

From the makers of CoronaCoin, the cryptocurrency that tracks deaths linked to coronavirus, comes a new multiplayer intended to teach people about pathogens
The coronavirus has been officially deemed a pandemic. Image: Shutterstock.

The new malware, discovered by MalwareHunters last week, and investigated by Reason Security, steals information stored in internet browsers, such as logins, passwords, and cryptocurrency keys. 

Hackers combine this information with cookies and browser history to get at unsuspecting users’ private lives, including credit card details and crypto wallets. According to Reason Security, it searches for crypto wallets Electrum, Ethereum, and Exodus.

The malware is essentially a reskin of an old piece of software called AZORult, which security researchers first discovered in 2016. Only now, it’s called “Corona-virus.exe”, and provides you with a map of infections that look like the legitimate, real-time map of infections that Johns Hopkins University puts out.

Its payload, at a little over three megabytes, is small enough to slip by most users concerned by the virus, which has infected 118,322 and killed 4,292, according to a report from the World Health Organization yesterday. Governments worldwide are rushing to coordinate responses to curb contagion, and Europe and the US are moving toward nation-wide lockdowns. 

Info-stealers that steal crypto information are nothing new. A similar piece of malware, dubbed “Racoon”, also steals data from crypto wallets, and sells all that information on the dark web in exchange for (more) crypto. That malware, which first appeared in April, 2019, infects 29 chromium-based browsers, including Google Chrome, Opera, and Firefox. 

If you’ve downloaded CoronaMaps, consider putting your computer under quarantine, and isolating it for 14 days. And remember to wash those hands.

Tips

Have a news tip or inside information on a crypto, blockchain, or Web3 project? Email us at: tips@decrypt.co.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.