COVID-19: Malicious Contact Tracing Apps Infecting Android Phones

Contact tracing is an essential component of the toolbox required to contain harmful disease outbreaks. According to Johns Hopkins Medicine, this is especially true for the current COVID-19 pandemic spread across the globe because the disease can be spread by people without any symptoms.

Contact tracing is the process of identifying, assessing, and managing people who have been exposed to a disease to prevent onward transmission. When applied systematically, it can break chains of transmissions and control the spread of the virus.

With that in mind, the importance of correctly carrying out the procedure is critical. Unfortunately, a team at Anomali Threat Research (ATR) found 12 malicious applications for Android devices in June, disguised as government-issued COVID-19 contact tracing applications distributing malware.

Here are some important details.

Android Trojans In The COVID Era

The team over at ATR found several applications containing an array of malware groups, primarily banking Trojan Anubis and SpyNote, an Android Trojan used to collect and monitor devices on infected devices. Once these applications are installed on a device, they are programmed to download and install malware that monitors and steals sensitive personal information such as banking credentials.

According to ATR, these apps are likely being distributed through other mobile apps, third-party stores, and websites, among other sources, ATR says.

A Rundown Of The 12 Malicious Apps

These malicious applications target the citizens of multiple countries. By mimicking the behavior of official government applications, attackers are able to exploit the brand recognition and perceived trust of official software released by government agencies.

Government Tracing Application Official Package Name Malicious Package Name Detection Name
Armenia Trojan
Arrogyasettu (India) nic.goi.aarogyasetu SpyNote
Brazil wocwvy.czyxoxmbauu.slsa Anubis
Chhattisgarh com.mobcoder.govcth cmf0.c3b5bm90zq.patch Trojan
Columbia qmkeasedjeumxmgb.czmofiuouafiuwtmwonw.eeepqsunrbflk Trojan
Indonesia com.telkom.tracencare cmf0.c3b5bm90zq.patch SpyNote
Iran Trojan
Italy (impersonating INPS)  


Kyrgyzstan kg.cdt.stopcovid19 kg.cdt.stopcovid19
Russia com.minsvyaz.gosuslugi.stopcorona
Singapore iiyyxasgfmaeph.jyefwosxdajh.ubempzgulrqdkcmjaplqrxeq







The global impact of the COVID-19 pandemic has made the virus a universally recognizable name that many people have come to fear. Attackers are exploiting this to increase the reach of their malware.

Manoharan Mudaliar is a leading cyber security professional offering IT security consultancy services to numerous organizations from various industries. He is renowned for leveraging innovative security solutions driven with a passion for helping clients achieve their business goals.

Get in touch with Manoharan Mudaliar for more information at

Facebook Comments