The Covid-19 Hoax Scareware

March 13, 2020

SonicWall Capture Labs Threat Research Team observed another malware taking advantage of the COVID-19(Coronavirus) fear. We have already highlighted malware in our blogs that uses Covid-19 name to spread further.

The sample pretends to be a ransomware by displaying ransom note as shown below though in reality it does not encrypt any file.

Upon execution, it adds a run entry for persistence.

To scare the victim, a number of security warning messages are displayed as shown below:

SonicWall Capture Labs provides protection against this threat via the following signature:

GAV: Scareware.CoVid_A (Trojan)

This threat is also detected by SonicWALL Capture ATP.