At least a dozen bogus “contact tracing” apps designed to look like official software to track coronavirus infections have been deployed globally to spread malware and steal user data, security researchers said Wednesday. These fake coronavirus apps can be very dangerous.
The researchers from California-based firm Anomali said the apps, once installed on a device, “are designed to download and install malware” on devices and “steal banking credentials and personal data.”
Fake coronavirus apps designed to act like official apps
Anomali said the fake COVID-19 apps do not appear to be distributed through official channels like the Google Play Store but rather are being spread through other apps, third-party stores, and websites that encourage downloads.
“Threat actors continue to imitate official apps to take advantage of the brand recognition and perceived trust of those released by government agencies,” the company said in a blog post.
#Coronavirus Scam Uses a Fake COVID-19 Map Pushing an App That Lets Cybercrooks Spy on You Through Your Phone
https://t.co/QWrtISKaZi pic.twitter.com/ZkX7Wigdcw— Cyclonis (@cyclonislimited) March 25, 2020
“The global impact of the COVID-19 pandemic makes the virus a recognisable and potentially fear-inducing name, of which actors will continue to abuse.”
The revelation is the latest warning about hackers using the virus pandemic to take advantage of public fear to trick users into revealing passwords or other data.
Contact-tracing apps are being developed in many countries, using smartphone technology to determine when users have come into contact with an infected individual.
Security concerns over official apps
A variety of technologies are being used for the apps, including some systems that have been criticised by privacy activists for collecting data which may be abused by governments.
Some surveys suggest the public is skeptical about using the apps.
Pakistan’s federal government on Wednesday said that there was no rhyme or reason for citizens to believe reports of security flaws and bugs in its Covid-19 Gov PK application aimed at providing easy access to information on ventilator availability in hospitals across the country.
Read more: Is it safe to use the government’s COVID 19 app?
“The purpose of the app is to stop the epidemic’s spread. A very limited personal information of the user is collected. The app does not show the exact coordinates of the infected people, instead, it shows the radius parameter that is fixed by default at 10 meters for self-declared patients and 300 meters at a quarantine location. Hence, self-declared patients have given their consent to reveal their coordinates for the safety of other citizens. Moreover, they have accepted our app privacy policy/terms and conditions,” it said.
Governments to clamp down on fake coronavirus apps
Sindh, province of southeastern Pakistan, Police Department’s Security and Emergency Service Division has recently launched an application dubbed “Citizen Monitoring App.” The Citizen Monitoring App is designed to keep tabs on citizens roaming around the city. It will be available only to the officials and will be installed on Mobile Phones used by officers deputed at police checkpoints.
Similarly, the Moscow police claimed to have caught and fined 200 people who violated quarantine and self-isolation using facial recognition and a 170,000-camera system. According to a Russian media report some of the alleged violators who were fined had been outside for less than half a minute before they were picked up by a camera.
As citizens have been asked to use the government’s Covid-19 app, experts believe that these tools will become a permanent part of our lives, and the governments will use them to control citizens.
Fake coronavirus apps could steal data
Anomali found bogus apps deployed in Armenia, Brazil, India, Colombia, Indonesia, Iran, Italy, Kyrgystan, Russia and Singapore, in some cases impersonating official government tracing applications.
A similar warning last month from a British-based association said fraudsters had tried to get users to download a bogus UK contact tracing app.
The Chartered Trading Standards Institute (CTSI) said it had evidence of a phishing scam that uses a text message to try to fool people into believing they have been in contact with someone who has tested positive for coronavirus.
The bogus text messages the CTSI has seen appear to have been sent by an official source associated with the app, directing recipients to a website that asks for their personal details. Scammers can then use the information to gain access to bank accounts and commit other forms of identity fraud.
Scams related to the coronavirus have increased since March, and Action Fraud reports that fraudsters have stolen more than £2m. Fake coronavirus apps and scams breach the user’s personal information and can cause great losses.
AFP with additional input by GVS News Desk