Hackers are using Fake Coronavirus Maps to steal personal information and spread malware

The World Health Organisation has declared Covid-19 a pandemic and, while taking measures to curb its further spread, has started mapping the affected areas using Coronavirus Maps. The maps show which areas are severely affected, which helps in taking security measures and issuing further instructions on the outbreak. Hackers have found a way to take advantage of this: they have created malware that is a replica of the Coronavirus maps and is used to steal users' personal data.

Shai Alfasi, a security researcher at Reasons Lab, first spotted the malware and said that the hackers are trying to obtain personal data stored in web browsers, such as passwords and credit card information. The replica has a few modifications that distinguish it from the genuine Corona Maps, but they are not easy to notice quickly.

The software used in the malware is AZORult, which many malware-spreading hackers use to steal information. AZORult was designed as an information stealer and was identified in 2016 as software that downloads further malware onto infected systems.

A unique ID for the victim is created and the data is extracted; XOR encryption is then applied, and command-and-control (C2) communication is established.

With the outbreak of Coronavirus, many industries, especially technology and finance, are witnessing negative impacts, but hackers seem to be making the most of the worst situations.

It is highly advisable to use an advanced anti-virus to guard against such cyberattacks. Double-check the website and read the reviews before downloading or installing anything from the web, keep the anti-virus updated, and keep scanning the system to avoid such attacks. These precautionary measures will keep you and your private life secure while the world is grappling with the epidemic and hackers are taking advantage.
