Fake COVID-19 apps can load ransomware, spyware on devices
Security and tech experts have warned that hackers are now resorting to emails and apps claiming to provide information on the COVID-19 outbreak to fool victims into installing malware on their devices.
According to information security provider ZScaler, hackers have been preying on people’s fears of the coronavirus by creating apps with features too good to be true. One such fake app claims to notify users as soon as anyone infected with the virus is nearby. The app actually locks the victim’s phone and demands for a ransom to lift the encryption.
“There are also apps that tell you where you can go and buy an N-95 mask. These are all hoaxes – the moment a user downloads such an app it will corrupt your smartphone or laptop and may ask for a ransom to unlock it,” Sudip Banerjee, the director of transformation strategy in Asia-Pacific and Japan at ZScaler, told ETtech.
Another security company, Lookout, found that another application is essentially a copy of the legitimate coronavirus tracker maintained by Johns Hopkins University – only this copy has trojan malware.
“Upon first launch, the app informs the user it does not require special access, but subsequently proceeds to request access to photos, media, files, device location,” explained Lookout security research engineer Kristin Del Rosso.
Fake mobile apps are not the only thing threatening users – emails on the subject of the coronavirus have also become another outlet for malware. Emails with document attachments claiming to have a list of precautionary measures against the infection can be phishing attempts, warned Quick Heal Security Labs director Himanshu Dubey.
“We see links or attachments that deliver information stealing malware which can steal the person’s website and bank credentials,” Dubey told ETtech.
Dubey added that cyber attackers “have become very good at latching on to any local or global event once it gains traction.”