Hackers first send users an SMS message that says “COVID VACCINE ENROLLMENT from 18 years old” and asks users to register with the “COVID-19” app.
India opened its vaccination program for the 18-44 age group on May 1, making its entire adult population eligible for COVID-19 vaccines. While people are finding it difficult to get slots, many app developers have created websites that give people information on open slots.
Hackers are now targeting unsuspecting users by distributing a fake text message that claims to offer an app for vaccine registration.
Security researcher Lukas Stefanko, who spotted the malware, explained on Twitter how it works.
Hackers first send users an SMS message that says “COVID VACCINE ENROLLMENT from 18 years old” and asks users to register with the “COVID-19” app. Once the user downloads the app from the link provided in the message, it requests permission to access all contacts and messages. The malware then uses the contacts retrieved from the device to spread to other devices via text messages.
Stefanko added that the app has been updated with a lightweight mode and the name has been changed to ‘Vaccine Register’. For now, penetration has been limited to Android users.
Cyber security company Cyble also acknowledged the malware and noted that the bogus COVID-19 vaccine registration app collects sensitive information from the user’s device. The company has also listed the activities the malware carries out on the device. These include using the device for unauthorized activities, exposing personal data from the device and mobile accounts, and unauthorized deletion of data from the mobile device or services.
In addition, the malware can also use the user’s billing plan by automatically sending messages without the user’s knowledge.
“We found on Twitter many abandoned repositories that list similar apps under different names and features, but replicate the same permissions and entry points,” Cyble explained in a blog post. “These apps appear to have been developed by the same developer.”
The company urged users to keep their antivirus up to date to detect and prevent malware infections. It also suggested using strong passwords and two-factor authentication when logging in.
Additionally, users should verify the permissions requested by the app before granting access.
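The permission check recommended above can also be done before an app is ever installed. The following Python is an added example, not code from the article, Stefanko or Cyble: it reads an `AndroidManifest.xml` that has already been decoded to text and flags the contacts-plus-SMS combination the article describes. The article does not list the exact permissions the app requests, so the mapping of standard Android permission names to behaviours, the finding labels and both sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
READ_CONTACTS = "android.permission.READ_CONTACTS"
SEND_SMS = "android.permission.SEND_SMS"
SMS_READ = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    # The manifest comes from an untrusted APK: refuse DTDs so entity
    # expansion tricks cannot be used against the parser.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("DTD/entity declarations are not expected in a manifest")
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def assess(manifest_xml):
    """Map requested permissions to the behaviours the article describes."""
    perms = requested_permissions(manifest_xml)
    findings = []
    if READ_CONTACTS in perms and SEND_SMS in perms:
        findings.append("sms-self-propagation")  # can text a link to every contact
    if perms & SMS_READ:
        findings.append("sms-content-access")    # can read the user's messages
    if SEND_SMS in perms:
        findings.append("sms-billing-abuse")     # can send messages silently
    return findings

# Constructed sample manifests (not taken from the real malware).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.vaccine">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.slotfinder">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    print(assess(SUSPICIOUS), assess(BENIGN))
```

A vaccine-registration app has no functional need for any of these three capabilities, so a single finding is reason enough not to install it.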