Coronavirus: Hackers' New Tool to Steal Data

COVID-19, the virus that became a pandemic and locked down several countries, has now become a new tool for hackers, as many people browse the web for relevant information about affected countries across the globe.

Hackers have been taking advantage of this trend by distributing fake Coronavirus maps that show users all the affected areas. Once the app is installed, the AZORult Trojan, a dangerous piece of malware hidden inside it, starts running in the background of the computer to gather sensitive data.

The malware's execution process involves not only Corona-virus-Map.exe but also other bundled executables such as Bin.exe, Corona.exe, Build.exe, and Windows.Globalization.Fontgroups.exe.

Researchers from Reason Labs carried out an internal investigation of the Bin.exe code included in the malware and discovered that it was built to search for various digital currency wallets such as Ethereum and Electrum, as well as Telegram Desktop and Steam accounts. The malware captures its findings in a screenshot saved as scr.jpg, and the IP address of the computer is stored in ip.txt. In addition, the Trojan is capable of gathering various system-related details such as the type of OS used, hostname, username, and architecture.

Users infected with malicious software through Corona-virus-Map.exe or another source will not notice anything suspicious at first. Trojans and other malware sneak into the system and stay silent so that they can persist for a longer period of time.

Some signs that may be noticed after infection with this malicious software are: CPU usage rising for no apparent reason, programs running slowly, difficulty minimizing and maximizing windows, and the computer system becoming sluggish. Other symptoms might include unknown processes running in the Windows Task Manager and suspicious entries placed in the Windows Registry.
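
A defender-side triage sketch for the file names listed above, added here as an example and not taken from the original article or from Reason Labs' analysis. It flags a host only when several of the reported names co-occur, since names such as Bin.exe or Build.exe are common on their own. The event tuple format, host names, paths and the `min_exes` threshold are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Executable names reported in the article (compared case-insensitively).
REPORTED_EXES = {
    "corona-virus-map.exe", "bin.exe", "corona.exe", "build.exe",
    "windows.globalization.fontgroups.exe",
}
# Output files the article attributes to the stealer.
REPORTED_ARTIFACTS = {"scr.jpg", "ip.txt"}

def triage(events, min_exes=2):
    """Group events per host and report hosts where reported names co-occur.

    A single hit on a generic name such as Bin.exe or Build.exe is weak
    evidence, so a host is flagged only when at least `min_exes` distinct
    reported executables ran, or both artifacts landed in one directory.
    """
    exes = defaultdict(set)                       # host -> executable names seen
    dirs = defaultdict(lambda: defaultdict(set))  # host -> dir -> artifact names
    for host, kind, path in events:
        name = ntpath.basename(path).lower()
        if kind == "process" and name in REPORTED_EXES:
            exes[host].add(name)
        elif kind == "file" and name in REPORTED_ARTIFACTS:
            dirs[host][ntpath.dirname(path).lower()].add(name)
    findings = {}
    for host in set(exes) | set(dirs):
        paired = sorted(d for d, n in dirs[host].items() if n == REPORTED_ARTIFACTS)
        if len(exes[host]) >= min_exes or paired:
            findings[host] = {"executables": sorted(exes[host]), "artifact_dirs": paired}
    return findings

# Constructed sample events (host, event kind, path); not from a real incident.
SAMPLE_EVENTS = [
    ("WS-01", "process", r"C:\Users\alice\Downloads\Corona-virus-Map.exe"),
    ("WS-01", "process", r"C:\Users\alice\AppData\Local\Temp\Corona.exe"),
    ("WS-01", "process", r"C:\Users\alice\AppData\Local\Temp\Bin.exe"),
    ("WS-01", "file", r"C:\Users\alice\AppData\Local\Temp\x\scr.jpg"),
    ("WS-01", "file", r"C:\Users\alice\AppData\Local\Temp\x\ip.txt"),
    ("WS-02", "process", r"C:\dev\project\Build.exe"),   # lone generic name
    ("WS-03", "file", r"C:\Users\bob\Pictures\scr.jpg"),  # lone artifact name
]

if __name__ == "__main__":
    for host, detail in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, detail)
```

In the constructed sample only WS-01 is reported; the lone Build.exe on WS-02 and the lone scr.jpg on WS-03 stay below the threshold.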

Source: 2SPYWARE