{
	"id": "ae344bc3-16f5-42f0-9d18-2ee30dfe3cb3",
	"created_at": "2026-04-06T00:20:59.982498Z",
	"updated_at": "2026-04-10T03:24:29.87011Z",
	"deleted_at": null,
	"sha1_hash": "348c15e8fe860a5f57c04cae9f73ab79ffd222ca",
	"title": "Fake \"Corona Antivirus\" distributes BlackNET remote administration tool | Malwarebytes Labs",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 5767603,
	"plain_text": "Fake \"Corona Antivirus\" distributes BlackNET remote administration tool | Malwarebytes Labs\r\nBy Threat Intelligence Team\r\nPublished: 2020-03-22 · Archived: 2026-04-05 20:05:27 UTC\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a number of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but especially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your company’s network, becomes more important. However, you should be extra careful of bogus security software, especially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best protection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects against the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on to add:\r\nOur scientists from Harvard University have been working on a special AI development to combat the virus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the app is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the commercial packer Themida, turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET botnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDoS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during these past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs. Beware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to our machine learning engine.\r\nWe also informed Cloudflare since the threat actors were abusing their service and they took immediate action to flag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 51 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 52 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 53 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 54 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 55 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 56 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 57 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 58 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 59 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 60 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 61 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 62 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 63 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 64 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 65 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 66 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 67 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 68 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 69 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 70 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 71 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 72 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 73 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 74 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 75 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 76 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 77 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 78 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 79 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 80 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 81 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 82 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 83 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 84 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 85 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 86 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 87 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 88 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 89 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 90 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 91 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 92 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 93 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 94 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 95 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 96 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 97 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 98 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 99 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 100 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 101 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 102 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 103 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 104 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 105 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 106 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 107 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 108 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 109 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 110 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 111 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 112 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 113 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 114 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 115 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 116 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 117 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 118 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 119 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 120 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 121 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 122 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 123 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 124 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 125 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 126 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 127 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 128 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 129 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 130 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 131 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 132 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 133 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 134 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 135 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 136 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 137 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 138 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 139 of 1696\n\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 140 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 141 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDoS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour machine learning engine.\r\nWe also informed Cloudflare since the threat actors were abusing their service, and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 194 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 195 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 196 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 197 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 198 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 199 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 200 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 201 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 202 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 203 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 204 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 205 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 206 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 207 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 208 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 209 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 210 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 211 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 212 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 213 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 214 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 215 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 216 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 217 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 218 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 219 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 220 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 221 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 222 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 223 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 224 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 225 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 226 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 227 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 228 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 229 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 230 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 231 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 232 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 233 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 234 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 235 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 236 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 237 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 238 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 239 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 240 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 241 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 242 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 243 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 244 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 245 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 246 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 247 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 248 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 249 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 250 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 251 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 252 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 253 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 254 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 255 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 256 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 257 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 258 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 259 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 260 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 261 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 262 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 263 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 264 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 265 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 266 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 267 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 268 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 269 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 270 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 271 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 272 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 273 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 274 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 275 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 276 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 277 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 278 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 279 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 333 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 334 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 335 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 336 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 337 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 338 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 339 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 340 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 341 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 342 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 343 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 344 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 345 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 346 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 347 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 348 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 349 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 350 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 351 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 352 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 353 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 354 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 355 of 1696\n\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 356 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 357 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 358 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 359 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 360 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 361 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 362 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 363 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 364 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 365 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 366 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 367 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 368 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 369 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 370 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 371 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 429 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 430 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 431 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 432 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 433 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 434 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 435 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 436 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 437 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 438 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 439 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 440 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 441 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 442 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 443 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 444 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 445 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 446 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 447 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 448 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 449 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 450 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 451 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 452 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 453 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 454 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 455 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 456 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 457 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 458 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 459 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 460 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 461 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 462 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 463 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 464 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 465 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 466 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 467 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 524 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 525 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 526 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 527 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 528 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 529 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 530 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 531 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 532 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 533 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 534 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 535 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 536 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 537 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 538 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 539 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 540 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 541 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 542 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 543 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 544 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 545 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 546 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 547 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 548 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 549 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 550 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 551 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 552 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 553 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 554 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 555 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 556 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 557 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 558 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 559 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 560 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 561 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 618 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 619 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 620 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 621 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 622 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 623 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 624 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 625 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 626 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 627 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 628 of 1696\n\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 629 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 630 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 631 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 632 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 633 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 634 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 635 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 636 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 637 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 638 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 639 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 640 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 641 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 642 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 643 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 644 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 645 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 646 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 647 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 648 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 649 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 650 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 651 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 652 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 653 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 654 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 655 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 656 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 713 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on to claim:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida, turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 761 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 762 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 763 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 764 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 765 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 766 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 767 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 768 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 769 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 770 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 771 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 772 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 773 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 774 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 775 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 776 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 777 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 778 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 779 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 780 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 781 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 782 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 783 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 784 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 785 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 786 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 787 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 788 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 789 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 790 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 791 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 792 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 793 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 794 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 795 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 796 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 797 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 798 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 799 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 800 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 855 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 856 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 857 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 858 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 859 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 860 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 861 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 862 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 863 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 864 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 865 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 866 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 867 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 868 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 869 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 870 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 871 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 872 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 873 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 874 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 875 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 876 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 877 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 878 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 879 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 880 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 881 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 882 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 883 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 884 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 885 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 886 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 887 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 888 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 889 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 890 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 891 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 892 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 893 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 949 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 950 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 951 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 952 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 953 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 954 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 955 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 956 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 957 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 958 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 959 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 960 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 961 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 962 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 963 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 964 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 965 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 966 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 967 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 968 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 969 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 970 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 971 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 972 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 973 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 974 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 975 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 976 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 977 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 978 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 979 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 980 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 981 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 982 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 983 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 984 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 985 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1043 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1044 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1045 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1046 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1047 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1048 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1049 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1050 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1051 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1052 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1053 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1054 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1055 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1056 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1057 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1058 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1059 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1060 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1061 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1062 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1063 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1064 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1065 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1066 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1067 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1068 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1069 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1070 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1071 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1072 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1073 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1074 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1075 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1076 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1077 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1078 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1079 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1080 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1081 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1082 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1083 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1084 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1085 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1086 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1087 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1088 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1089 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1090 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1091 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1092 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1093 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1094 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1095 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1096 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1097 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1098 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1099 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1100 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1101 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1102 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1103 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1104 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1105 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1106 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1107 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1108 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1109 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1110 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1111 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1112 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1113 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1114 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1115 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1116 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1117 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1118 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1119 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1120 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1121 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1122 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1123 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1124 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1125 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1126 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1127 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1128 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1129 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1130 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1131 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1181 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1182 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1183 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1184 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1185 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1186 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1187 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1188 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1189 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1190 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1191 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1192 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1193 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1194 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1195 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1196 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1197 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1198 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1199 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1200 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1201 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1202 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1203 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1204 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1205 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1206 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1207 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1208 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1209 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1210 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1211 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1212 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1213 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1214 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1215 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1216 of 1696\n\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1217 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1218 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1219 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1220 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1277 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1278 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1279 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1280 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1281 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1282 of 1696\n\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1283 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1284 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1285 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1286 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1287 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1288 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1289 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1290 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1291 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1292 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1293 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1294 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1295 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1296 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1297 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1298 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1299 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1300 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1301 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1302 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1303 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1304 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1305 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1306 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1307 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1308 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1309 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1310 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1311 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1312 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1313 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1314 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1315 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1316 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1317 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1318 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1319 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1320 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1321 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1322 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1323 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1324 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1325 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1326 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1327 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1328 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1329 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1330 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1331 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1332 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1333 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1334 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1335 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1336 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1337 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1338 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1339 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1340 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1341 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1342 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1343 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1344 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1345 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1346 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1347 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1348 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1349 of 1696\n\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1350 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1351 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1352 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1353 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1354 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1355 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1356 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1357 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1358 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1359 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1360 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1361 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1362 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1363 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1364 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1365 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1366 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1367 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1368 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1369 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1370 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1371 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1372 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1373 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1374 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1375 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1376 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1377 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1378 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1379 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1380 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1381 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1382 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1383 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1384 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1385 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1386 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1387 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1388 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1389 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1390 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1391 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1392 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1393 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1394 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1395 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1396 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1397 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1398 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1399 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1400 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1401 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1402 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1403 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1404 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1405 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1406 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1407 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1408 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1409 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1410 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1411 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1412 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDoS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nWe also informed Cloudflare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1463 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1464 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1465 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1466 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1467 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1468 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1469 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1470 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1471 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1472 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1473 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1474 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1475 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1476 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1477 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1478 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1479 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1480 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1481 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1482 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1483 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1484 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1485 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1486 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1487 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1488 of 1696\n\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1489 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1490 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1491 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1492 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1493 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1494 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1495 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1496 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1497 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1498 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1499 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1500 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1558 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1559 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1560 of 1696\n\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1561 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1562 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1563 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1564 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1565 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1566 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1567 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1568 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1569 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1570 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1571 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1572 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1573 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1574 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1575 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1576 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1577 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1578 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1579 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1580 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1581 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1582 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1583 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1584 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1585 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1586 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1587 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1588 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1589 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1590 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1591 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1592 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1593 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1594 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1595 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida, turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1651 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1652 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1653 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1654 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1655 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1656 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1657 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1658 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1659 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. 
Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1660 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1661 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1662 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1663 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1664 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1665 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1666 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1667 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1668 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1669 of 1696\n\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1670 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1671 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1672 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1673 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1674 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1675 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1676 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1677 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1678 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1679 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1680 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1681 of 1696\n\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1682 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1683 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1684 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1685 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1686 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1687 of 1696\n\napp is running.\r\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. 
The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1688 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. Some of its features include:\r\nDeploying DDOS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1689 of 1696\n\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. 
The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour Machine learning engine.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1690 of 1696\n\nWe also informed CloudFlare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nScammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a\r\nnumber of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but\r\nespecially data stealers.\r\nAs more of us work from home, the need to secure your computer, especially if you are connecting to your\r\ncompany’s network, becomes more important. 
However, you should be extra careful of bogus security software,\r\nespecially if it tries to use the coronavirus as a selling point.\r\nCorona antivirus: 100% fake\r\nThe latest scam we found is a website (antivirus-covid19[.]site) advertising “Corona Antivirus -World’s best\r\nprotection.” That’s right, scammers are trying to get you to install a digital antivirus that supposedly protects\r\nagainst the actual COVID-19 virus infecting people across the world.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1691 of 1696\n\nTo add to the nonsense, the site goes on by adding:\r\nOur scientists from Harvard University have been working on a special AI development to combat the\r\nvirus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the\r\napp is running.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1692 of 1696\n\nInfected victims added to BlackNET RAT\r\nUpon installing this application, your computer will be infected with malware. The file, packed with the\r\ncommercial packer Themida turns your PC into a bot ready to receive commands:\r\nhxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed] hxxps[://]instaboom-hello[.]site//g\r\nThe command and control server hosted at instaboom-hello[.]site reveals the control panel for the BlackNET\r\nbotnet.\r\nhttps://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/\r\nPage 1693 of 1696\n\nThe full source code for this toolkit was published on GitHub a month ago. 
Some of its features include:\r\nDeploying DDoS attacks\r\nTaking screenshots\r\nStealing Firefox cookies\r\nStealing saved passwords\r\nImplementing a keylogger\r\nExecuting scripts\r\nStealing Bitcoin wallets\r\nChoose the right protection\r\nDuring this period, it is important to stay safe both at home and online. The number of scams we have seen during\r\nthese past few weeks shows that criminals will take advantage of any situation, no matter how dire it is.\r\nWe recommend that you keep your computer up to date and use extra caution when downloading new programs.\r\nBeware of instant notifications and other messages, even if they appear to come from friends.\r\nMalwarebytes users were already protected even though we had not seen this malware sample before, thanks to\r\nour machine learning engine.\r\nWe also informed Cloudflare since the threat actors were abusing their service and they took immediate action to\r\nflag this website as a phish.\r\nIndicators of compromise\r\nMalicious site\r\nantivirus-covid19[.]site\r\nBogus corona antivirus\r\nantivirus-covid19[.]site/update.exe\r\n146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4\r\nC2 panel\r\ninstaboom-hello[.]site\r\nSource: https://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/"
	],
	"report_names": [
		"fake-corona-antivirus-distributes-blacknet-remote-administration-tool"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434859,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/348c15e8fe860a5f57c04cae9f73ab79ffd222ca.pdf",
		"text": "https://archive.orkl.eu/348c15e8fe860a5f57c04cae9f73ab79ffd222ca.txt",
		"img": "https://archive.orkl.eu/348c15e8fe860a5f57c04cae9f73ab79ffd222ca.jpg"
	}
}