With the current coronavirus pandemic spreading round the world, there are definitely some dubious characters who want to take advantage of vulnerable people and scam them.
The apps claim they help in tracking COVID-19 cases, testing for COVID-19 and even treating COVID-19.
There are reports of some apps which are in fact ransomware. For example, “CovidLock” masks itself as a real-time coronavirus map tracker. In reality, the app is poisoned with ransomware. If you download the android app and grant the app access to certain phone settings, the ransomware is enabled.
The app will lock you out of your phone and will demand that you pay $100 in bitcoin to the hackers within 48 hours. If you don’t comply, the ransomware threatens to delete your phone’s storage and leak social media accounts.
Here is a copy of the COVID-19 Tracker App Ransom Note
The app is no longer on Google Playstore but the website (coronavirusapp[.]site) that hosts the ransomware app still appears active.
This scam was spotted by DomainTools, an IT Security company.
There is also another report of an android ‘coronavirus safety app’ that encourages people to download the app if they want a ‘coronavirus safety mask’. Beware! It’s a scam that can steal your texts and phonebook.
Cyber-security experts found the dangerous website which states “Download App From Below Button And Install. You Will Get A Corona Safety Mask.” Victims who click download will then see another button stating “GET SAFETY MASK”. You’ll then be taken to a fake mask website.
Then a message saying “You infected [the mask site] with High Dose of Traffic.” is said to appear. While you’re reading this message the hackers are busy gaining all your contacts from your Android phone.
The scam was spotted by researchers at IT security company Zscaler
Bleeping Computer also reports a new cyberattack which has been found propagating a fake COVID-19 information app that is allegedly from the World Health Organization (WHO). The campaign involves hacking routers’ Domain Name System (DNS) settings in D-Link or Linksys routers to prompt web browsers to display alerts from the said apps.
Users reported that their web browsers automatically open without prompting, only to display a message requesting them to click on a button to download a “COVID-19 Inform App.” Clicking on the button will download and install the Oski info stealer on the device. This malware variant can steal browser cookies, browser history, browser payment information, saved login credentials, cryptocurrency wallets, and more.
In light of the fraudulent apps, Apple, Google, Amazon have blocked nonofficial coronavirus apps from app stores. Apple and Amazon are only accepting COVID-19 and coronavirus-related apps from “recognized entities,” while Google is pointing people toward the WHO’s website.
Our Advice
As much as you would want to get as much information about the COVID-19 pandemic, we urge you to adopt he following measures:
- Be careful and only get information from the WHO website and other trusted information sources from government and research institution’s websites.
- Don’t click on anything in your email that’s health related. In general, be sure to follow all of the basic phishing recommendations—be aware that people are trying to capitalize on fear here.
- Ensure that you download Android applications only from the Google Play store and Apple applications from the Apple store. There is a much higher risk of downloading malware from untrusted 3rd party stores.
1 Comment
Pingback: Apple and Google Combine to Build COVID-19 Tracking Tech into iOS and Android - Innovation Village