Beware of ‘coronavirus infection’ from malware


An app that mimics an official coronavirus information app has been identified as part of a larger cyber-espionage campaign.

The security solutions firm Trend Micro has dubbed the campaign Project Spy and revealed that the app masquerades as a coronavirus update app, posing as a genuine repository of information on the Covid-19 pandemic. The apps were available on Android and iOS.

Trend Micro has also found similarities in two older samples disguised as a Google service and, subsequently, as a music app called Wabi Music. The second version was dubbed the Coronavirus Updates app. The researchers were able to discover related apps by searching for ‘Concipit Shop’, the developer behind it. Project Spy has not been available on Google Play since March 2020, and versions of Project Spy were found to be capable of stealing a significant amount of data.

The first variant was able to collect device and system information including IMEI, device ID, manufacturer and model, as well as phone number, location data, contacts, and call logs. It was also able to collect and send SMS messages and monitor calls along with taking photos with the camera and uploading recorded MP4 files.

The Wabi Music app appears to build significantly on the capabilities of the Project Spy app. In addition to the above-mentioned capabilities, it can bypass the FTP mode for uploading recorded images.

It also gained access to notifications from apps, making WhatsApp, Facebook, Telegram, and others vulnerable to it. These apps recorded the most downloads from Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada, and Russia.

Trend Micro revealed that the capabilities of the apps are not well concealed, so existing security solutions can prevent Project Spy attacks. Experts recommend that users check the genuineness of any app before downloading it.