Rewterz Threat Alert – Covid-19 Malicious URLs

April 13, 2020

Severity

Medium

Analysis Summary

As the world continues to fight with the novel Coronavius, the rise in the activities of the threat actors to exploit the situation to rob the users of their vital data and information for their gains has gone up rapidly. It shows that the threat actors are eager to cash into the situation of this epidemic and make the most of the situation. Thousands of shady websites containing Covid , Corona, Covid19 are luring users to either check if they’re infected or not or rob into their credentials via phishing emails. The number has been on the rise and it shows the desperation of the threat actors to make an impact in this crisis.

While some of the threat actors are using donation scams to help other people fighting the situation using as close to the real name of the charities while others are trying to lure users with the official image of the governing body WHO.

The rapid rise in the number of domain registrations is huge and the it carries on growing day by day. Threat actors are capatilizing this opportunity and robbing off people with the valuable data and financial loss as well.

Impact

Credential theft
Information theft
Exposure of sensitive data
Financial loss

Indicators of Compromise

URL

http[:]//business-facebook-covid19[.]com
http[:]//covid19remediationservices[.]com
http[:]//riddoffcovid19[.]xyz
http[:]//covid19abatementservices[.]com
http[:]//googlecoronaviras[.]com
http[:]//googlecoronavieus[.]com
http[:]//googlecoronavirys[.]com
http[:]//googlecoronaviru[.]com
http[:]//www[.]ciicovid19update[.]in
http[:]//coronasmask[.]space
http[:]//coronariennes[.]northsidefleamarket[.]com
http[:]//coronariennes[.]inspectortips[.]net
http[:]//www[.]covidvirus[.]guru
http[:]//covidvirus[.]guru

Remediation

Block all threat indicators at your respective controls.
Always be suspicious about emails sent by unknown senders.
Never click on he links attachments sent by unknown senders.