Hackers are making malware-infected coronavirus maps to harvest personal information

One of the most popular interactive pandemic update maps has been copied and distributed by malicious actors

By Matthew Rozsa

Staff Writer

Published March 13, 2020 6:00PM (EDT)

The Johns Hopkins Center for Systems Science and Engineering created this near-real-time tracking map of coronavirus infections and deaths. (The Johns Hopkins Center for Systems Science and Engineering)
The Johns Hopkins Center for Systems Science and Engineering created this near-real-time tracking map of coronavirus infections and deaths. (The Johns Hopkins Center for Systems Science and Engineering)

A journalist with expertise on cybercrime reported on Thursday that hackers are trying to take advantage of the public's concern about the COVID-19 pandemic to infect users' computers with malware.

"In one scheme, an interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware," Brian Krebs, a former reporter for The Washington Post who now writes for the blog Krebs On Security, explained in an article on Thursday. "Late last month, a member of several Russian language cybercrime forums began selling a digital Coronavirus infection kit that uses the Hopkins interactive map as part of a Java-based malware deployment scheme. The kit costs $200 if the buyer already has a Java code signing certificate, and $700 if the buyer wishes to just use the seller's certificate."

The Johns Hopkins University COVID-19 map described by Krebs is an interactive dashboard of coronavirus infections and deaths available on the Johns Hopkins University website. The frequently-updated interactive map has been a popular online resource for those following the ongoing pandemic. 

"As long as this pandemic remains front-page news, malware purveyors will continue to use it as lures to snare the unwary," Krebs writes. "Keep your guard up, and avoid opening attachments sent unbidden in emails — even if they appear to come from someone you know."

Russian hackers are not alone in trying to take advantage of the coronavirus panic. A group of Chinese hackers, referred to as Vicious Panda by cybersecurity researchers at the Israeli-based technology company Check Point, have tricked people into sharing sensitive personal information by using a fake document purportedly from the Mongolian Health Ministry. Another cybersecurity company, FireEye, has learned about cybersecurity threats emanating from China and North Korea as well as Russia. It found that the Chinese hacking groups tend to target East Asia, while the Russian hacking groups target Ukraine, and the suspected North Korean hacking groups target a South Korean nongovernmental organization.

The reports of malware designed to prey on coronavirus fears point to the potential for  bad actors to spread misinformation about the coronavirus. Thousands of Russia-linked social media accounts have been spreading misinformation about the coronavirus since the outbreak became international news.

"Russia's intent is to sow discord and undermine US institutions and alliances from within, including through covert and coercive malign influence campaigns," Philip Reeker, the acting assistant secretary of state for Europe and Eurasia, told Agence France-Presse last month. "By spreading disinformation about coronavirus, Russian malign actors are once again choosing to threaten public safety by distracting from the global health response."

These accounts have spread false messages including claims that the coronavirus is a biological weapon engineered by the CIA and that it is part of a US effort to hurt China's economy. Such hackers also pose a threat because, according to Foreign Policy magazine, "the far greater vulnerability lies in the United States' poorly protected emergency-reponse infrastructure, including the health surveillance systems used to monitor and track the epidemic. By hacking these systems and corrupting medical data, states with formidable cybercapabilities can change and manipulate data right at the source."

Since reaching the U.S., the COVID-19 outbreak has led to mass flight cancellations, the suspension of the NBA season and the postponement of major motion picture releases. The Trump administration has been criticized for policies that have made it more difficult for the U.S. to respond to the pandemic, including cutting public health funds and lying about the extent of the threat posed to the American people.

In an emailed statement, Rep. Matt Cartwright, D-Pa., told Salon on Thursday that the decision by Trump's budget director to cut the future CDC budget "fit a pattern within the administration of gutting our preparedness resources for infectious disease outbreaks."

"The way I see it, this lack of investment is a key reason why we find ourselves behind the eight-ball today," Cartwright explained. "Right now, it's critical that we move quickly to pass additional response legislation that puts workers and families first as this virus continues to disrupt our lives and our economy. Going forward, we need to work together to ensure the government is fully prepared for future viral outbreaks."


By Matthew Rozsa

Matthew Rozsa is a staff writer at Salon. He received a Master's Degree in History from Rutgers-Newark in 2012 and was awarded a science journalism fellowship from the Metcalf Institute in 2022.

MORE FROM Matthew Rozsa