Cyber criminals are spreading bogus “contact tracing” apps masqueraded as official software to track coronavirus infections, which in reality are installing malware on devices of unsuspecting users, according to a new report from Anomali.
The researchers said they identified 12 such apps that targeted users in various countries. The apps contained malicious software, primarily the Anubis banking malware and the SpyNote trojan. Anomali found fake apps deployed in Armenia, Brazil, India, Colombia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore, in some cases impersonating official government tracing applications.
Once installed on an Android device, the malware would steal banking credentials and personal data.
Anomali said that instead of using official channels like the Google Play Store, the fake COVID-19 apps are rather being distributed via other apps, third-party stores, and websites that encourage downloads.
Four of the 12 malicious apps downloaded either the Anubis malware, or the SpyNote trojan. The other eight apps installed more generic malware strains, such as adware.
Anubis is an Android banking trojan, which can record phone calls and keystrokes, access SMS messages and other data. SpyNote is an Android trojan that accesses text messages, contacts and GPS location details. It is also able to capture screenshots, call from victim’s number, read and write messages and record phone calls.
“Threat actors continue to imitate official apps to take advantage of the brand recognition and perceived trust of those released by government agencies. The global impact of the COVID-19 pandemic makes the virus a recognizable and potentially fear-inducing name, of which actors will continue to abuse,” the researchers concluded.