Rewterz Threat Alert – Malicious URLs – Covid-19

Severity

Medium

Analysis Summary

The rise in registering malicious Covid-19 domains continues as threat actors are continuously cashing in on the situation of the global pandemic of CoronaVirus. Thousands of malicious URLs are being registered everyday in lieu to rob the users of their sensitive data and information. It has been seen that the threat actors have continued to carry on their malicious activities in this global crisis. While some of the threat actors are using donation scams to help other people fighting the situation using as close to the real name of the charities while others are trying to lure users with the lookalike URLs of Microsoft, Google, Facebook and other social media and search engines domains.

Impact

• Credential theft
• Information theft
• Exposure of sensitive data

Indicators of Compromise

URL

• http[:]//covid19remediationservices[.]com
• http[:]//riddoffcovid19[.]xyz
• http[:]//covid19abatementservices[.]com
• http[:]//googlecoronaviras[.]com
• http[:]//googlecoronavieus[.]com
• http[:]//googlecoronavirys[.]com
• http[:]//googlecoronaviru[.]com
• http[:]//coronasmask[.]space
• http[:]//www[.]covidvirus[.]guru
• http[:]//covidvirus[.]guru
• http[:]//covid-19microsoft[.]com
• http[:]//ggooglecovid19[.]com
• http[:]//googlecorona[.]com
• http[:]//googlecovid[.]com
• http[:]//xmysecure2-facebookcovid19petition[.]ga
• http[:]//googleccovid19[.]com

Remediation

• Block all threat indicators at your respective controls.
• Always be suspicious about emails sent by unknown senders.
• Never click on the links/attachments sent by unknown senders.