Rewterz Threat Alert – More Covid-19 Malicious URLs

Severity

Medium

More covid-19 malicious domains are seen as the pandemic of Coronavirus continues to increase in a rapid manner. Threat actors are continuously registering covid19 domains and targeting users to rob of their credentials and their sensitive data for their gains. It shows that the threat actors are eager to cash into the situation of this epidemic and make the most of the situation. More people are going online to put up coronavirus scam sites or to sell counterfeit surgical masks; fake self-testing kits for HIV and glucose monitoring; and/or bogus antiviral meds, chloroquine. 

Impact

• Credential theft
• Information theft
• Exposure of sensitive data
• Financial loss

Indicators of Compromise

URL

• http[:]//googlecovid-19[.]com
• http[:]//googleecovid19[.]com
• http[:]//wwwgooglecovid19[.]com
• http[:]//covid19-netflix[.]com
• http[:]//googlecovid199[.]com
• http[:]//samsungcoronavirus[.]com
• http[:]//googlecovid29[.]com
• http[:]//4accountsecure-facebookcovid19petition[.]ga
• http[:]//googlecovid9[.]com
• http[:]//coronavirusmicrosoft[.]com
• http[:]//netflix-covid19[.]com
• http[:]//googlecoronavirus[.]com
• http[:]//googlecovid119[.]com
• http[:]//my7secure-facebookcovid19petition[.]cf
• http[:]//covid19google[.]com
• http[:]//facebookcovid19[.]com

Remediation

• Block all threat indicators at your respective controls.
• Always be suspicious about emails sent by unknown senders.
• Never click on he links attachments sent by unknown senders.