Attackers are taking advantage of the truly global nature of the COVID-19 crisis, launching multiple attacks that use “coronavirus” in various languages. Machine learning-based detections in Microsoft Defender ATP take note of these translations and ensure durable protection.
For example, we saw a campaign that uses info-stealing malware with "koronawirus" (Polish) in its file name (koronawirus.exe). This malware steals credentials for a popular chat application. (SHA-256: 3ccd9cadb7dbb277846852ee95be1ffce5961aaa9368885d3a06e80a2358eaa5)
We also found malware payloads that disable software and carry "koronavirus" (Slovenian) in their PDB path: C:\Users\KoronaVirus\Desktop\Projects\HackScript\HackScript\obj\Debug\HackScript.pdb (SHA-256: f95d59b2b7418f9b2dfcad5d8e3295f0a61d42af784f91091173192e7b35085b)
We also saw malicious LNK files that have "코로나 바이러스" (Korean) in the description field of their file details. These files are used to run malware implants used in attacks. (SHA-256: 89f03883d760b9a3eab805c31044fa474209a1dd32c4e102989b8188bca84959)
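As an added example (not Microsoft's detection logic and not part of the thread), the script below does the same kind of keyword triage by hand: it looks for translated spellings of "coronavirus" in the three places the thread names, the file name, the CodeView PDB path embedded in a PE, and the NAME_STRING (description) field of a .lnk shell link. Assumptions: the term list beyond the three spellings in the thread, a cp1252 fallback for non-Unicode LNK strings, a raw "RSDS" byte scan instead of full PE debug-directory parsing, and the constructed sample PE and LNK bytes used to exercise it.

```python
import re
import struct
import unicodedata

# Spellings of "coronavirus" to look for. The first three come from the thread;
# the rest are assumed extra spellings and can be extended.
CORONA_TERMS = [
    "koronawirus",      # Polish (koronawirus.exe)
    "koronavirus",      # Slovenian, also used in several other languages (PDB path)
    "코로나 바이러스",   # Korean (LNK description field)
    "코로나바이러스",    # Korean without the space (assumed)
    "coronavirus",      # English (assumed)
]


def _norm(text: str) -> str:
    # Unicode-normalize and casefold so "KoronaVirus" matches "koronavirus".
    return unicodedata.normalize("NFKC", text).casefold()


def contains_corona_term(text: str):
    """Return the first matching spelling of 'coronavirus' in text, else None."""
    t = _norm(text)
    for term in CORONA_TERMS:
        if _norm(term) in t:
            return term
    return None


RSDS_RE = re.compile(rb"RSDS")


def extract_pdb_paths(pe_bytes: bytes):
    """Heuristic scan for CodeView 'RSDS' records: the NUL-terminated PDB path
    follows a 16-byte GUID and a 4-byte age. No PE header parsing is done, so a
    random 'RSDS' byte sequence can yield a junk hit; treat results as advisory."""
    paths = []
    for m in RSDS_RE.finditer(pe_bytes):
        start = m.end() + 16 + 4
        end = pe_bytes.find(b"\x00", start)
        if end == -1:
            continue
        try:
            paths.append(pe_bytes[start:end].decode("utf-8"))
        except UnicodeDecodeError:
            continue
    return paths


LNK_HEADER_SIZE = 0x4C
FLAG_HAS_IDLIST, FLAG_HAS_LINKINFO, FLAG_HAS_NAME, FLAG_IS_UNICODE = 0x01, 0x02, 0x04, 0x80


def extract_lnk_name(lnk: bytes):
    """Return the NAME_STRING (description/comment) of a Shell Link per MS-SHLLINK,
    or None. Only the structures that precede NAME_STRING are walked:
    LinkTargetIDList and LinkInfo. Non-Unicode strings are decoded as cp1252
    (an assumption; the real code page is the creating system's ANSI page)."""
    try:
        if struct.unpack_from("<I", lnk, 0)[0] != LNK_HEADER_SIZE:
            return None
        flags = struct.unpack_from("<I", lnk, 20)[0]
        off = LNK_HEADER_SIZE
        if flags & FLAG_HAS_IDLIST:
            off += 2 + struct.unpack_from("<H", lnk, off)[0]
        if flags & FLAG_HAS_LINKINFO:
            off += struct.unpack_from("<I", lnk, off)[0]
        if not flags & FLAG_HAS_NAME:
            return None
        count = struct.unpack_from("<H", lnk, off)[0]
    except struct.error:
        return None
    off += 2
    if flags & FLAG_IS_UNICODE:
        return lnk[off:off + 2 * count].decode("utf-16-le", errors="replace")
    return lnk[off:off + count].decode("cp1252", errors="replace")


def triage(filename: str, content: bytes):
    """Report where a coronavirus-themed string appears as (location, term) tuples."""
    hits = []
    term = contains_corona_term(filename)
    if term:
        hits.append(("filename", term))
    for path in extract_pdb_paths(content):
        term = contains_corona_term(path)
        if term:
            hits.append(("pdb_path", term))
    if filename.lower().endswith(".lnk"):
        name = extract_lnk_name(content)
        term = contains_corona_term(name) if name else None
        if term:
            hits.append(("lnk_description", term))
    return hits


def build_sample_pe(pdb_path: str) -> bytes:
    """Constructed stand-in for a PE (not a real sample): MZ stub plus an RSDS record."""
    guid, age = bytes(range(16)), struct.pack("<I", 1)
    return b"MZ" + b"\x00" * 62 + b"RSDS" + guid + age + pdb_path.encode() + b"\x00" * 17


def build_sample_lnk(description: str) -> bytes:
    """Constructed minimal .lnk (not a real capture): header with HasName|IsUnicode,
    no IDList, no LinkInfo, then NAME_STRING as a UTF-16 code-unit count plus data."""
    header = bytearray(LNK_HEADER_SIZE)
    struct.pack_into("<I", header, 0, LNK_HEADER_SIZE)
    header[4:20] = bytes.fromhex("0114020000000000c000000000000046")  # ShellLink CLSID
    struct.pack_into("<I", header, 20, FLAG_HAS_NAME | FLAG_IS_UNICODE)
    data = description.encode("utf-16-le")
    return bytes(header) + struct.pack("<H", len(data) // 2) + data


if __name__ == "__main__":
    pe = build_sample_pe(r"C:\Users\KoronaVirus\Desktop\Projects\HackScript\HackScript\obj\Debug\HackScript.pdb")
    print(triage("koronawirus.exe", pe))
    print(triage("invoice.lnk", build_sample_lnk("코로나 바이러스")))
```

The casefold plus NFKC step is what makes "KoronaVirus" in a PDB path match a lowercase term list; without it, mixed-case build paths slip through. The LNK walker stops at NAME_STRING on purpose: the later StringData fields and ExtraData blocks are not needed for this check, and skipping them keeps the parser small and the failure mode (returning None on a malformed header) obvious.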
You can follow @MsftSecIntel.