With the pandemic not going anywhere anytime soon, attackers have seized the moment to launch a broad array of attacks. One such attack that is lately giving jitters to governments and people revolves around faux and malicious contact-tracing apps.
Therefore, smartphone users looking to participate in the contact-tracing activity - helpful in preventing the spread of Coronavirus - should keep an eye out for such fake apps that can steal their personal and financial information.
What’s happening?
According to research by Anomali, cybercriminals have impersonated 12 official contact-tracing apps of different countries, including Italy, Russia, Singapore, and Columbia in an attempt to infect users globally.
These apps include trojans such as Anubis and Spynote that are capable of stealing users’ credentials and sensitive information from their smartphones.
The interesting aspect is that none of these fake apps are available in the Google Play Store. They are being distributed via websites and third-party stores, among other sources.
More emerging threats
In May, Members of the Parliament had alerted UK citizens about a scam in which fraudsters used a fake version of the NHS contact-tracing app to gain access to bank accounts and commit identity fraud.
Security researchers also found a new ransomware strain, named [F]Unicorn, that disguised as the official COVID-19 contact-tracing Immuni app of Italy to infect users.
Other security concerns
Check Point researchers have flagged several security concerns around the implementation of contact-tracing apps.
These security issues can be exploited to obtain a user’s GPS location, compromise personal data, launch Man-in-the-Middle (MitM) attacks by intercepting an app’s traffic, and flood the user’s phone with fake health reports.
How to stay safe?
It is recommended that end-users should only install contact-tracing Coronavirus apps from official app stores since they only allow authorized government agencies to publish such apps.
In addition, users should also download and install a mobile security solution to scan applications and protect their devices against malware.