Fake govt-issued COVID-19 contact tracing apps spread spyware

These malicious COVID-19 apps also drop nasty pieces of malware including Anubis and SpyNote.

These malicious apps also drop nasty pieces of malware including Anubis and SpyNote.

There’s no surprise that cybercriminals have been using the Coronavirus (COVID-19) pandemic to carry out scams and cyber attacks against unsuspected users and businesses. What’s worse is that even hospitals and testing facilities have also faced the wrath of criminal elements.

In the latest, the IT security researchers at Anomali have discovered yet another scam in which attackers are using fake COVID-19 contact tracing apps to infect Android devices. These malicious apps drop spyware, trojan, and adware on targeted devices across the globe. 

See: Fake Coronavirus vaccine, patients’ blood & saliva sold on dark web

What’s noteworthy is these fake apps mimic official government-issued apps for COVID-19 contact tracing. According to researchers, there are 12 such apps scamming users in 10 countries including Armenia, Brazil, Columbia, Indonesia, India, Iran, Italy, Kyrgyzstan, Russia, and Singapore.

The researchers further warned that the ongoing attack drops payloads like Anubis and SpyNote. For your information, Anubis is a nasty piece of Android banking trojan that aims at users’ financial as well as personal data.

In January 2019, two Play Store apps infected with Anubis trojan were found utilizing motion-sensor inputs from the mobile devices to spread its infection.

On the other hand, SpyNote (RAT) was identified in August 2016 on a dark web hacker forum. The trojan doesn’t require root access in order to take full control of an infected device and aims at the personal and financial data of Android users.

Hide your IP address & surf Internet anonymously with IPVanish

Here are the countries and names of malicious apps shared by Anomali:

The good news is that these apps haven’t made it to Google Play yet but it won’t be a surprise if they did. For now, third-party websites and app stores are responsible for the campaign’s successful spread.

“Threat actors continue to imitate official apps to take advantage of the brand recognition and perceived trust of those released by government agencies. The global impact of the COVID-19 pandemic makes the virus a recognizable and potentially fear-inducing name, of which actors will continue to abuse,” Anomali’s researchers wrote in their blog post.

Android users concerned about COVID-19 infection should watch out for such scams. In April 2020, researchers had identified attackers infecting Android and iOS devices with spyware distributed through apps titled “Coronavirus Updates.”

See: Chinese COVID-19 detection firm hacked; source code sold on dark web

Therefore, it is advised not to download apps from a third-party apps store and also avoid downloading unnecessary apps from Google Play Store. Also, use a reliable anti-virus, scan your device regularly, and keep its operating system upgraded.

If you would like to learn more about the growing threats against smartphones here is a detailed writeup alerting users on how to keep themselves protected.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Related Posts