Posted on March 27, 2020 at 10:16 AM
There are more coronavirus-related apps on Google Play Store within the past few weeks, as both cybercriminals and legitimate developers are taking advantage of the fear surrounding the epidemic.
Security researchers at Bitdefender analyzed Android telemetry data and discovered that there is an enormous increase in coronavirus-related apps with more than 500 related apps identified on the Google Play Store. Many of these apps were launched just to scam victims.
Malicious apps disguised as coronavirus informants
Although some of the apps offer users information about the virus and how to avoid its infection, others were just there to scam their victims.
Many of them have no tangible benefit to render about the disease, rather they were filled with malware and adware.
After the WHO declared the virus as a pandemic, Google started adjusting its Play Store algorithm to remove or filter illegitimate coronavirus-related apps.
The apps were listed under the “medical” and Health and Fitness” categories. Google has so far removed 280 of such apps from its store, which included many global or regional coronavirus tracking apps.
But not all of these malicious apps were removed from the play store, as Bidfefender still saw about 22 apps with the virus keyword on the Play Store.
Hackers exploiting people’s fears for COVID-19
When Bitdefender analyzed COVID-19 apps on third-party marketplaces, it discovered that a lot of them were malicious. They were taking advantage of the fears surrounding the virus to exploit people and install malware on their Android devices.
One of those malicious apps copied information from a legitimate coronavirus information sharing site to distribute the Anubis banking Trojan. When the victim installs the app, it asks for other permissions and doesn’t even wait for the user before accepting them by itself. Afterward, the malware opens the pathway for hackers to infiltrate their Android devices.
The app directs the user to a statistics site to hide its malicious icon and keep the user busy while it continues working in the background.
Another example of how this malware infiltrates the system is the Iranian COVID-19 app known as AC19. While the AC19 camouflages and deceives the user that it’s passing legitimate information about the virus, it’s in fact a piece of spyware.
Bitdefender discovered that the spyware asks the user for permission to scan for the coronavirus. However, the app is actually seeking for permission to infest the Android devices and continue its malicious activities.
In another instance, an app is known as the Coronavirus tracker also distributes malware to Android devices once they are given permission.
When the app is open, it tells the user it’s not available in their country. However, it will hide and later start sending an enormous amount of adverts to the user. According to the researchers at Bitdefender, the malware is even dispersed by a game known as iFun.
Liviu Arsene, a senior threat analyst at Bitdefender, reported that people should be very careful before they install any app during this difficult period.
He said although the coronavirus has made many people search for information and install apps that can help them track the spread of the disease, people should be careful not to fall victim to hackers.
According to him, “It’s always recommended that you install only official apps from official marketplaces, and seek information only from official sources.”
He reiterated that it’s very important to keep a strong security solution for mobile devices, which will help to keep them secured from online threats and malware.
Coronavirus-linked ransomware also detected
In another development, there is a new malware that disguises as coronavirus informant to install a virus that locks users out of their phones. The Ransomware app is known as CovidLock. Once the user installs the software, it automatically infiltrates the android device and asks the user to pay a ransom or risk losing everything on their phone.
This latest ransomware was reported by a security firm, Domain Tools. According to the cybersecurity outfit, the malware actors usually ask the victims to pay $100 in Bitcoin within 2 days or lose everything in the infected phone.