With the pandemic not going anywhere anytime soon, attackers have seized the moment to launch a broad array of attacks. One such attack that is lately giving jitters to governments and people revolves around faux and malicious contact-tracing apps.
Therefore, smartphone users looking to participate in the contact-tracing activity - helpful in preventing the spread of Coronavirus - should keep an eye out for such fake apps that can steal their personal and financial information.
- According to research by Anomali, cybercriminals have impersonated 12 official contact-tracing apps of different countries, including Italy, Russia, Singapore, and Columbia in an attempt to infect users globally.
- These apps include trojans such as Anubis and Spynote that are capable of stealing users’ credentials and sensitive information from their smartphones.
- The interesting aspect is that none of these fake apps are available in the Google Play Store. They are being distributed via websites and third-party stores, among other sources.
More emerging threats
- In May, Members of the Parliament had alerted UK citizens about a scam in which fraudsters used a fake version of the NHS contact-tracing app to gain access to bank accounts and commit identity fraud.
- Security researchers also found a new ransomware strain, named [F]Unicorn, that disguised as the official COVID-19 contact-tracing Immuni app of Italy to infect users.
Other security concerns
- Check Point researchers have flagged several security concerns around the implementation of contact-tracing apps.
- These security issues can be exploited to obtain a user’s GPS location, compromise personal data, launch Man-in-the-Middle (MitM) attacks by intercepting an app’s traffic, and flood the user’s phone with fake health reports.
How to stay safe?
- It is recommended that end-users should only install contact-tracing Coronavirus apps from official app stores since they only allow authorized government agencies to publish such apps.
- In addition, users should also download and install a mobile security solution to scan applications and protect their devices against malware.