The .jar attachment downloads the malware. This is a Trojan, capable of stealing credentials and loading additional malicious payloads into the victim's PC.
Reason Labs: Cybercrime exploits Coronavirus map of threats to spread AZORult malware
Cybercrime is spreading malware by exploiting the Coronavirus pandemic and the COVID-19 Map of Threats. This was discovered by Reason Labs cyber security experts. Shai Alfasi found and analyzed malicious code that had weaponized virus map applications in order to steal credentials such as user names, passwords, credit card numbers and other sensitive information stored in users’ browsers. Attackers can use this information for many other operations as well, such as selling it on the deep web or gaining access to bank accounts or social media. The new malware activates a strain of AZORult, an information stealer first discovered in 2016. It is used to steal browsing history, cookies, ID/passwords, cryptocurrency and more. It can also download additional malware onto infected machines.
The cyber security experts: The fake apps have very convincing Graphical User Interfaces (GUI), but the malicious code steals information
According to the cyber security experts, cybercrime took advantage of the high demand for accurate information about the Coronavirus. The apps collect private data, which the hackers can use for selling on the Deep Web, accessing social media, or exploiting bank accounts. One of the malicious programs is Corona-virus-Map.com.exe. It is 3.26MB and, since it is in .exe format, can only infect Windows machines as of now. It has a Graphical User Interface (GUI) that looks very good and convincing. When the malware runs, in fact, the COVID-19 malicious code's GUI window loads information, which it pulls from the web. Furthermore, the AZORult variant uses a few layers of packing as well as a multi-sub-process technique to make research more difficult, and the “Task Scheduler” to maintain persistence.