The U.S. Dept. of Health & Human Services and the U.S. Health Sector Cybersecurity Coordination Center have posted a notice about a malicious website related to the coronavirus. The website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet waiting for unwitting internet users to visit the website. Visiting the website infects the user with the AZORult trojan, an information stealing program which can exfiltrate a variety of sensitive data. It is likely being spread via infected email attachments, malicious online advertisements, and social engineering. Furthermore, anyone searching the internet for a Coronavirus map could unwittingly navigate to this malicious website.
We are advised that end users should be warned about this cybersecurity risk and security teams should blacklist any indicators associated with this specific threat. Read the actual notice here.