Skip to main content

Android malware posing as Covid-19 contact tracing apps

Malicious Contact Tracing App
(Image credit: EclecticIQ)

As countries around the world started providing Covid-19 contact tracing apps to their citizens, cybercriminals used this to their advantage to distribute Android malware, according to a new report from EclecticIQ and ThreatFabric.

Researchers from both companies as well others identified malicious Android apps that were disguised as the official contact tracing applications for Colombia, India, Singapore and Indonesia. Surprisingly, the sample from India was released just 13 days after the official Indian contact tracing app was made available on the Google Play Store.

After analyzing the samples, EclecticIQ and ThreatFabric found they used the commodity and open source malware SpyMax, SpyNote and Aymth. The attackers also repackaged applications with Metasploit to give them remote access trojan capabilities.

To distribute their malicious contact tracing apps, the cybercriminals relied on phishing links that were designed to trick users into installing their apps.

Malicious contact tracing apps

Based on the findings of EclecticIQ and ThreatFabric's report, it is almost certain that threat actors will continue to use commodity and open source-based malware disguised as legitimate contact tracing apps for financial gain.

The low barrier to entry provided by these tools combined with the continued rollout of contact tracing apps by countries around the world, presents a continued financial opportunity for cybercriminals into the near future.

Cyber threat intelligence specialist at ElecticIQ's Fusion Center, Peter Ferguson explained in a press release that users should only download Covid-19 contact tracing apps from official app stores, saying:

"Users should never download contact tracing android applications from links sent to them or from third party stores. If they are interested in downloading their nation's contact tracing application, they should use the official site or the Google Play Store."

Throughout the pandemic, cybercriminals have repeatedly tried to capitalize on the disruption it has caused worldwide by using Covid-19 as a lure to trick users into installing malware on their devices. They will likely continue to launch similar campaigns because of how successful they've been so far. This means that businesses and consumers need to remain vigilant when it comes to Covid-19-related threats and scams.