
The Covid-19 Hoax Scareware
March 13, 2020
SonicWall Capture Labs Threat Research Team observed another malware taking advantage of the COVID-19(Coronavirus) fear. We have already highlighted malware in our blogs that uses Covid-19 name to spread further.
The sample pretends to be a ransomware by displaying ransom note as shown below though in reality it does not encrypt any file.
Upon execution, it adds a run entry for persistence.
To scare the victim, a number of security warning messages are displayed as shown below:
SonicWall Capture Labs provides protection against this threat via the following signature:
GAV: Scareware.CoVid_A (Trojan)
This threat is also detected by SonicWALL Capture ATP.