Cyber security experts: DNS settings are changed to show victims WHO fake APP on COVID-19. This installs the Oski trojan which exfiltrates the victim's data.
KELA experts: the AES-256 algorithm inhibits the ability of malware to extract passwords from the browser. This is also confirmed by the contraction of data on Genesis, the cybercrime shop.
WebARX cyber security researchers: bugs in authentication logic allow this to be bypassed and administrator access without the need for valid credentials.
CertPa cyber security experts: A malware campaign is underway with spear phishing attacks on the occasion of Christmas. Proofpoint: They also target .edu domains.
Microsoft cyber security experts: the goal is to spread a backdoor Trojan, exploiting an old vulnerability. Probably there will be new malspam campaigns with same characteristics.