Threat actors are using fake COVID-19 contact tracing apps to infiltrate Android devices in countries around Asia, Europe and South America.
According to research from Anomali, 12 fake apps have been detected as targeting citizens in Armenia, India, Brazil, Chhattisgarh, Columbia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore.
Once installed, the apps are designed to download and install malware to monitor infected devices, steal banking credentials and personal data.
In particular, the Anubis and SpyNote malware have been detected as being downloaded by these apps. Anubis is an Android banking Trojan that utilizes overlays to access infected devices and then steal user credentials, while SpyNote is an Android Trojan used for gathering and monitoring data on infected devices.
The fake app detected as imitating the Brazilian government’s official COVID-19 tracing app imitates the legitimate application by asking for the accessibility service privilege on the user’s app settings, and once the user enables the permissions, the app will run in the background and hide the icon from the application drawer.
“We believe the threat actors are distributing the malicious apps via other apps, third-party stores, and websites, among other channels,” Anomali said.
“Threat actors continue to imitate official apps to take advantage of the brand recognition and perceived trust of those released by government agencies. The global impact of the COVID-19 pandemic makes the virus a recognizable and potentially fear-inducing name, of which actors will continue to abuse.”