Hackers first send users an SMS message which says “REGISTER FOR COVID VACCINE from age 18+” and asks users to register with the ‘COVID-19’ app.
India opened its vaccination programme for the 18-44 age group on May 1, making its entire adult population eligible for COVID-19 vaccines. While people find it hard to get slots, many app developers have built websites to provide people information on when slots are open.
Hackers are now targeting unsuspecting users by circulating a fake SMS message that claims to offer an app for vaccine registration.
Security researcher Lukas Stefanko, who spotted the malware, explained on Twitter how it works.
Hackers first send users an SMS message which says “REGISTER FOR COVID VACCINE from age 18+” and asks users to register with the ‘COVID-19’ app. Once the user downloads the app using the link provided in the message, it requests permission to access all the contacts and messages. The malware then uses the contacts fetched from the device to spread to other devices via text messages.
Stefanko added that the app was updated with a light mode and the name was changed to ‘Vaccine Register’. So far, its spread has been limited to Android users.
Cybersecurity firm Cyble also acknowledged the malware and noted that the fake COVID-19 vaccine registration app collects sensitive information from the user’s device. The firm also listed activities performed by the malware on the device. These include using the device for unauthorised activities, exposing personal data from the device and mobile accounts, and unauthorised deletion of data from the mobile device or services.
Additionally, the malware can also use the user’s billing plan by automatically sending messages without the user’s knowledge.
“We found from Twitter with many abandoned repositories that contains the list of similar apps under different names and functionalities but replicates the same permissions and entry points,” Cyble explained in a blog post. “These apps seem to have been developed by the same developer.”
The firm urged users to keep their antivirus updated to detect and prevent malware infections. It also suggested the use of strong passwords and two-factor authentication during logins.
Besides, users must verify the permissions requested by the app before granting access.
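The permission check described above can also be done before installing, by reading an app's decoded AndroidManifest.xml. The sketch below is an added example, not code from Stefanko or Cyble: the mapping of "contacts and messages" to specific Android permission names is an assumption, and both manifests are constructed samples, not taken from the real app.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the article's wording to Android permission names.
CONTACT_PERMS = {"android.permission.READ_CONTACTS"}
SMS_READ_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
SMS_SEND_PERMS = {"android.permission.SEND_SMS"}

# Constructed manifests in decoded (text) form; package names are hypothetical.
SUSPECT_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.vaccineregister">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

BENIGN_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.contactbackup">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms


def triage(manifest_xml):
    """Flag the capabilities the article describes for this malware."""
    perms = requested_permissions(manifest_xml)
    findings = []
    if perms & CONTACT_PERMS:
        findings.append("reads contacts")
    if perms & SMS_READ_PERMS:
        findings.append("reads messages")
    if perms & SMS_SEND_PERMS:
        findings.append("sends SMS (can incur charges)")
    # Contacts access plus SMS sending is what lets an app text itself onward.
    spreads = bool(perms & CONTACT_PERMS) and bool(perms & SMS_SEND_PERMS)
    return {"findings": findings, "can_spread_by_sms": spreads}
```

An APK stores its manifest in a binary form, so it has to be decoded to text first before `triage()` can read it.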