Be careful what you ask for, you might get it right up the wazoo
In other words accept software only from trusted sites.Live Coronavirus Map Used to Spread MalwareMalware distributors "have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software," reports security researcher Brian Krebs:
In one scheme, an interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware. Late last month, a member of several Russian language cybercrime forums began selling a digital Coronavirus infection kit that uses the Hopkins interactive map as part of a Java-based malware deployment scheme.
The kit costs $200 if the buyer already has a Java code signing certificate, and $700 if the buyer wishes to just use the seller's certificate. "It loads [a] fully working online map of Corona Virus infected areas and other data," the seller explains. "Map is resizable, interactive, and has real time data from World Health Organization and other sources. Users will think that PreLoader is actually a map, so they will open it and will spread it to their friends and it goes viral...!" The sales thread claims the customer's payload can be bundled with the Java-based map into a filename that most Webmail providers allow in sent messages... The seller says the user/victim has to have Java installed for the map and exploit to work, but that it will work even on fully patched versions of Java...
slashdot
