Malicious Android apps use coronavirus to hack user devices

Phone malware
(Image credit: Shutterstock)

The number of coronavirus-related apps on the Google Play Store has increased significantly over the past few weeks as both legitimate developers and cybercriminals look to cash in on users' fears surrounding the virus.

By analyzing Android telemetry data, security researchers at Bitdefender have observed a huge spike in applications which contain either the worlds 'covid' or 'corona' and in total, the firm identified 579 apps that contained coronavirus-related keywords in their manifest. 

According to Bitdefender, 560 of these apps were legitimate and provided users with news about the coronavirus, information on how to avoid infection and medical booking services. However, many of these apps actually had nothing to do with the coronavirus at all, while others contained adware or were bundled with malware.

Once the coronavirus was declared a pandemic by the WHO, Google began adjusting the Google Play Store's search algorithms in order to filter or remove illegitimate coronavirus apps. 

However, when Bitdefender published its report on the matter, 22 apps using the 'coronavirus' keyword were still available on the Google Play Store and listed under the 'Health and Fitness' and 'Medical' categories. While many of these apps are legitimate, 280 others were removed from the store, including many regional or global coronavirus tracking apps.

Coronavirus apps

By examining coronavirus apps on third-party marketplaces, Bitdefender found that many of them were malicious and were exploiting people's fears of the virus to install adware and malware on users' Android devices.

One such example is an app that imitates a coronavirus information site to spread the Anubis banking Trojan. Once a user installs the app and gives it access to their device, it then requests a number of other permissions and accepts them by itself. The app takes users to a coronavirus statistics website to throw them off its track and hides its icon, while it continues its work in the background.

The Iranian coronavirus app AC19 was another example Bitdefender discovered that is actually a piece of spyware. The sample discovered by the firm asks for permissions to scan for the coronavirus but in reality, the app is asking for sensitive Android app privileges to continue its malicious activities.

An app called Coronavirus Tracker was also found to dispense adware to its victims. When first started, the app says that it is unavailable in a user's country and then hides itself. However, it then bombards users with unwanted ads. Bitdefender's researchers even found that the Joker malware was being distributed by a game called iFun.

Senior e-threat analyst at Bitdefender, Liviu Arsene warned in his report that users need to be extra careful when installing new apps during this difficult time, saying:

“The Coronavirus pandemic might have everyone running around after information, searching for applications that offer live monitoring or even medical appointments to get tested. It’s always recommended that you install only official apps from official marketplaces, and seek information only from official sources. Also, it’s crucial to make sure you have a mobile security solution that can keep you and your device safe from malware and other online threats.”

Via ComputerWeekly

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.