Commercial spyware mounted on Covid-19 tracker app

News by Chandu Gopalakrishnan

Cyber-criminals use coronavirus tracking map created by Johns Hopkins University to deliver Android spyware

In the latest instance of cyber-criminals hacking a legitimate Covid-19 service, the interactive coronavirus tracking map created by Johns Hopkins University has been used to deliver Android spyware, Lookout researchers found.

“Lookout researchers who were investigating potentially malicious mobile applications pertaining to this topic (Coronavirus) discovered an Android application that appears to be the most recent piece of tooling in a larger mobile surveillance campaign operating out of Libya and targeting Libyan individuals,” wrote Lookout security research engineer Kristin Del Rosso.

The application, titled “corona live 1.1”, was found to be a SpyMax sample. It provided an interface to the data found on the Johns Hopkins coronavirus tracker, including infection rates and number of deaths over time and per country.

“SpyMax is a commercial surveillanceware family that appears to have been developed by the same creators as SpyNote, another low-cost commercial Android surveillanceware. SpyMax has all the capabilities of a standard spying tool, and forums referencing the malware praise its ‘simple graphical interface’ and ease of use,” Del Rosso wrote.

Even though the infected app states it does not require special access privileges, it subsequently proceeds to request access to media, files, location, as well as permission to use the camera and microphone.

This is the latest instance where hackers have targeted widely-used Covid-19 tracking software offered by Johns Hopkins University. Earlier this month, Malwarebytes researchers found a weaponised coronavirus map app that infects victims with a variant of the information-stealing AZORult malware. It cited Johns Hopkins University’s Center for Systems Science and Engineering as its supposed data source.

“Bad actors frequently target organisations in high stress times and now, during a time that is unprecedented in its uncertainty and confusion, it’s more important than ever for organisations to arm against cyber-attacks and maintain the trust of the public,” commented Tanuj Gulati, CTO at Securonix.

“Incidents such as this underpin the value of scalable cloud-based security solutions and of having centralised threat investigation, analytics and response abilities available to security analysts securely wherever they are,” he added.

Criminals are bound to make the most of the Coronavirus situation, a formidable and fairly unprecedented opportunity to trick panicking people amid the global havoc and mayhem, noted Ilia Kolochenko, founder & CEO of ImmuniWeb.

“The more emotions and personal matters the attackers leverage, the more successful their campaigns will likely be. The human factor remains the most burdensome to mitigate by technical means among the wide spectrum of organisational cyber-risks, and the Covid-19 connection makes victims particularly susceptible to thoughtless actions.”
