Warning: Malware Disguised as 'COVID-19 Real-Time Status' Program

[Asia Economy Reporter Jin-gyu Lee] East Security announced on the 25th that a malicious code disguised as a 'COVID-19 real-time status' inquiry program has been discovered.

The newly discovered malicious code is an executable program (EXE) using file names such as 'Corona Domestic Status' and 'Domestic Corona Real-time Status.' When the file is executed, a popup window titled 'Real-time COVID-19 Status' appears.

The popup window displays four items with corresponding numerical information, such as confirmed cases, released from quarantine (recovered), deaths, and under testing, as if showing the actual COVID-19 infection status. During this process, the malicious program secretly installs another malicious code automatically in the user's PC temporary folder.

If infected with the newly created malicious code, the user's PC is exposed to various attacks including ▲remote control ▲keylogging that secretly intercepts keyboard input ▲screen capture ▲additional malicious code installation ▲information theft.

An East Security official stated, "The malicious program discovered this time is judged not to have been widely distributed yet," adding, "However, since it includes an actual RAT malicious module, the possibility of similar variant threats cannot be excluded."

Moon Jong-hyun, Director of the ESRC Center, said, "Since late January, the early stage of COVID-19 spread, advertising texts and phishing emails exploiting the keyword 'Corona' have been continuously found," and urged, "We recommend verifying COVID-19 related information from reliable sources such as the official website of the Korea Disease Control and Prevention Agency."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.