As is usual in all events around the world, malicious software appears to spoil it to enhance the opportunity of its spread among users, and today there are several malware camouflaging itself with names associated with the Corona or Covid-19 virus that delete user files or manipulate the boot sequence and even request a financial ransom.
Security researchers have so far found four malware that disguises itself as corona. Two of them are able to adjust the boot sequence so that when you restart the computer it does not boot as normal.
One of those programs is called MalwareHunterTeam and it downloads an executable file named COVID-19.exe and infects the computer in two stages: The first one displays a annoying popup window that you cannot close because it disables Task Manager.
In the meantime, the second stage is implemented where the software modifies the boot sequence log so that when you want to restart the computer to get rid of it, it does not boot to Windows but a new screen of its own appears.
There is another malware of the type of ransomware, but it is related to CoronaVirus ransomware, where it steals passwords on the computer and then requests a financial ransom, but it is practically not intended to obtain the ransom, but is just a camouflage attempt in preparation for readjusting the boot sequence as well.
And this software is the most dangerous. Not only does it modify the boot sequence, steal passwords, and camouflage with a financial ransom request, but even deletes the user’s files if their developer wants to do so.
It is noticed in all the discovered software that some of them contain inactive software codes and are subject to the instructions sent by their developer, and in some of them the codes have been modified by launching new versions. Instead of deleting files, the computer lock screen appears.
Some of that software appeared since last February, but it was aimed at users in China only where the file name was in Chinese, and there is no confirmed information about its spread globally.
But there is other software that has started to spread in countries that suffer more from the Corona virus, such as Italy.