Now, Contact-Tracing Apps Are on the Radar of Hackers

With the pandemic not going anywhere anytime soon, attackers have seized the moment to launch a broad array of attacks. One such attack that is lately giving jitters to governments and people revolves around faux and malicious contact-tracing apps.

Therefore, smartphone users looking to participate in the contact-tracing activity - helpful in preventing the spread of Coronavirus - should keep an eye out for such fake apps that can steal their personal and financial information.

What’s happening?

  • According to research by Anomali, cybercriminals have impersonated 12 official contact-tracing apps of different countries, including Italy, Russia, Singapore, and Columbia in an attempt to infect users globally.
  • These apps include trojans such as Anubis and Spynote that are capable of stealing users’ credentials and sensitive information from their smartphones.
  • The interesting aspect is that none of these fake apps are available in the Google Play Store. They are being distributed via websites and third-party stores, among other sources.

More emerging threats

  • In May, Members of the Parliament had alerted UK citizens about a scam in which fraudsters used a fake version of the NHS contact-tracing app to gain access to bank accounts and commit identity fraud.
  • Security researchers also found a new ransomware strain, named [F]Unicorn, that disguised as the official COVID-19 contact-tracing Immuni app of Italy to infect users.

Other security concerns

  • Check Point researchers have flagged several security concerns around the implementation of contact-tracing apps.
  • These security issues can be exploited to obtain a user’s GPS location, compromise personal data, launch Man-in-the-Middle (MitM) attacks by intercepting an app’s traffic, and flood the user’s phone with fake health reports.

How to stay safe?

  • It is recommended that end-users should only install contact-tracing Coronavirus apps from official app stores since they only allow authorized government agencies to publish such apps.
  • In addition, users should also download and install a mobile security solution to scan applications and protect their devices against malware.