Malware creators are taking advantage of the coronavirus pandemic and spreading pandemic-themed malware to demand ransom from users. Since the pandemic has started spreading, security researchers have witnessed a surge in Coronavirus themed MBRLockers.
MBRLockers are a special type of malware that modifies the master boot record (MBR) of the victim’s computer so that it shows a ransom note before Windows boots up.
There are some notorious MBRLockers like Petya and GoldenEye that encrypt partition containing partition information of drives. Thus, it becomes impossible to rebuild the MBR unless the ransom code is entered.
Recently, MalwareHunterTeam discovered a new MBRLocker named “Coronavirus” targeting users with the Covid-19.exe file.
f632b6e822d69fb54b41f83a357ff65d8bfc67bc3e304e88bf4d9f0c4aedc224"coronavirus successfully installed"AnyRun (thanks to @JayTHL): https://t.co/vcEO1MvFfj@demonslay335 pic.twitter.com/6w4ZSnyADy
— MalwareHunterTeam (@malwrhunterteam) March 23, 2020
Once installed, the malware extracts users files to a folder in %Temp% and a batch file named coronavirus.bat is executed. Upon its execution, the extracted files are moved to C:COVID-19 folder. It configures programs ..
Support the originator by clicking the read the rest link below.
