With the entire world moving to a lockdown, cyber-criminals are exploiting people’s habit of relying on mobile apps for information on Covid-19 (Coronavirus). Even Android app developers are attempting to capitalise on the growing number of people who are turning to apps, to help them understand the coronavirus crisis better, shows Bitdefender research.
“Capitalising on the Coronavirus scare may seem like an awful thing to do, but cyber-criminals have been using it to trick victims into downloading infected applications, download malicious attachments, and even visit fraudulent websites, before Covid-19 was officially declared a pandemic,” said Adrian Liviu Arsene, global cyber-security researcher at Bitdefender.
“The Coronavirus pandemic is just the latest in a long line of similar campaigns, except now they can scale their operation at a global scare as everyone is interested in finding out the latest news about the outbreak, especially if it’s seemingly legitimate,” he told SC Media UK
An analysis of Android telemetry from Google Play – and other third-party marketplaces – regarding coronavirus-themed legitimate apps and malware in Europe revealed huge spikes in application scans containing “covid” or “corona” in the package name or file path — with over 2,100 scans during the first two weeks of March alone, said the Bitdefender report.
The United States peaked at about 500 and Asia at about 1,000 applications scanned in March, containing the two keywords. While cyber-criminals have their nefarious intentions, other developers are using the information demand to boost the downloads of their apps.
The trend was spotted during a pre-emptive search based on the assumption that cyber-criminals will capitalise on the hot topic. “Consequently, when we started looking for Coronavirus-themed applications and malware, we stumbled onto a lot; some more illegitimate than others,” Arsene told SC Media UK.
“Most apps have been updated strictly from a SEO perspective. Developers have changed the name of existing apps to include keywords such as “coronavirus” or “covid-19”, some have even changed the screenshots of their apps just to make them rank better in search engines and gain extra downloads, even though that might cost them bad reviews on the long run,” he said.
“However, some apps are downright spyware. Attackers will often pretend that the website the victim is visiting belongs to a legitimate global organisation, such as WHO, NATO, or UNICEF, and encourage visitors to download and install an application that promises live updates regarding news, spread, and even medical updates on Coronavirus.”
Once users download these apps from bogus websites, they often crash or display a message saying that it’s not available in that specific region while it starts asking for permission to access sensitive data from the user’s phone.
“Depending on the requested and accepted permission, these spyware apps can pretty much do everything from sending SMS messages to premium rated numbers using the smartphone’s internal sensors such as camera, microphone, GPS, etc. for spyware purposes,” said Arsene.
Many of these apps are not malicious, as they’ll just display a lot of ads and popups that once clicked turn into profit for their developer. However, aggressive adware can drain the phone’s battery. The researchers could not spot targeted attack patterns in these apps, as this seemed more like an opportunistic campaign rather than something orchestrated by nation-state players, Arsene noted.
“Some applications seem to have been developed for specific regions, based on the language used for the in-app messages. What they all have in common is that regardless of the targeted region, they all seem to capitalise on the Coronavirus outbreak.”
Avast recently released a repository for researchers and defenders due to the growing number of Covid-themed apps that have appeared for Android users. Domaintools recently reported about a fake Android Coronavirus app delivering ransomware.
SC Media UK reported earlier that cyber-criminals have used the interactive coronavirus tracking map created by Johns Hopkins University to deliver Android spyware.
The major issue here is that cyber-criminals are still using the same tricks and people still fall for them, he said.
“It highly recommended that we don’t give in to fear, especially the fear of not having enough information, that we constantly check the validity of every piece of information we come across, particularly the ones seeming very exclusive or bombastic, and that we report any potential application or news that’s malicious or distributing misinformation,” he added.
“Since we’re now spending more time online than before, it’s particularly important that we remain vigilant, that we stay informed from official sources, and that we protect our devices from malware, phishing, and coronavirus-themed scams by using a security solution.”