COVID-19: Malicious Contact Tracing Apps Infecting Android Phones

Contact tracing is an essential component of the toolbox required to contain harmful disease outbreaks. According to Johns Hopkins Medicine, this is especially true for the current COVID-19 pandemic spread across the globe because the disease can be spread by people without any symptoms.

Contact tracing is the process of identifying, assessing, and managing people who have been exposed to a disease to prevent onward transmission. When applied systematically, it can break chains of transmissions and control the spread of the virus.

With that in mind, the importance of correctly carrying out the procedure is critical. Unfortunately, a team at Anomali Threat Research (ATR) found 12 malicious applications for Android devices in June, disguised as government-issued COVID-19 contact tracing applications distributing malware.

Here are some important details.

Android Trojans In The COVID Era

The team over at ATR found several applications containing an array of malware groups, primarily banking Trojan Anubis and SpyNote, an Android Trojan used to collect and monitor devices on infected devices. Once these applications are installed on a device, they are programmed to download and install malware that monitors and steals sensitive personal information such as banking credentials.

According to ATR, these apps are likely being distributed through other mobile apps, third-party stores, and websites, among other sources, ATR says.

A Rundown Of The 12 Malicious Apps

These malicious applications target the citizens of multiple countries. By mimicking the behavior of official government applications, attackers are able to exploit the brand recognition and perceived trust of official software released by government agencies.

Government Tracing Application Official Package Name Malicious Package Name Detection Name
Armenia am.gov.covid19 am.gov.covid19 Trojan
Arrogyasettu (India) nic.goi.aarogyasetu com.android.tester SpyNote
Brazil br.gov.datasus.guardioes wocwvy.czyxoxmbauu.slsa Anubis
Chhattisgarh com.mobcoder.govcth cmf0.c3b5bm90zq.patch Trojan
Columbia co.gov.ins.guardianes qmkeasedjeumxmgb.czmofiuouafiuwtmwonw.eeepqsunrbflk Trojan
Indonesia com.telkom.tracencare cmf0.c3b5bm90zq.patch SpyNote
Iran ir.covidapp.android co.health.covid Trojan
Italy (impersonating INPS)  

certificati.farma.droid

ynhsumknjtd.hphsefyntauykl.hauqklysedjjnukso
Kyrgyzstan kg.cdt.stopcovid19 kg.cdt.stopcovid19
Russia com.minsvyaz.gosuslugi.stopcorona anubis.bot.myapplication
Singapore sg.gov.tech.bluetrace iiyyxasgfmaeph.jyefwosxdajh.ubempzgulrqdkcmjaplqrxeq

 

zfhxmtepnxyljw.wqnszljeb.bkolzgalth

Trojan

 

 

Trojan

The global impact of the COVID-19 pandemic has made the virus a universally recognizable name that many people have come to fear. Attackers are exploiting this to increase the reach of their malware.

Manoharan Mudaliar is a leading cyber security professional offering IT security consultancy services to numerous organizations from various industries. He is renowned for leveraging innovative security solutions driven with a passion for helping clients achieve their business goals.

Get in touch with Manoharan Mudaliar for more information at mudaliar.manoharan@gmail.com

Facebook Comments

POST A COMMENT.