Posted on April 10, 2020 at 10:12 AM
Malicious Coronavirus-Based Apps Compromising Android Devices
Security firm Check Point has found that some coronavirus-themed apps give cybercriminals a way in to take control of Android devices. Through these apps, the attackers can access the calendar, contacts, and other data on the victim's device.
Mobile malware has always been a threat, but it has surged as cybercriminals exploit the current health crisis with ransomware, phishing emails, and other attacks. They are taking advantage of the fear surrounding the COVID-19 outbreak to deceive mobile users and infiltrate their devices.
Recently, Check Point Research discovered a COVID-19 themed app that purportedly offers updates and information on the pandemic. In reality, the app delivers remote access Trojans and other malware to the device. Once the user installs it, the device is compromised and the attackers gain access to much of the data on it.
Installed malware steals sensitive information from devices
Check Point released its findings yesterday, detailing 16 different apps disguised as legitimate COVID-19 apps.
Once installed, these apps either fraudulently generate money through paid services or steal sensitive information from the device. The malware families involved include premium dialers, banker Trojans, and remote access Trojans.
These apps are not downloaded from official stores like Google Play. Instead, they come from newly registered coronavirus-themed domains which, according to Check Point researchers, may have been set up solely to deceive unsuspecting users.
More than 51,000 COVID-19 related domains have been registered since the virus outbreak in December last year, over 30,000 of them last month alone. Of those, 2,777 are under investigation as suspicious and 131 have been identified as malicious.
According to Aviran Hazum, manager of the Mobile Research Unit at Check Point, the physical threat of the COVID-19 outbreak is accompanied by an extensive threat on the cyber front: cybercriminals are taking advantage of the outbreak to deceive victims into installing malicious apps on their devices.
In his words, “Hackers are feasting around the fear of coronavirus by creating malicious applications that have names and icons.”
How the apps infiltrate mobile devices
Check Point traced the path of one of these malicious apps and found that the cybercriminals had built it with Metasploit, a free penetration-testing framework. Metasploit is easy to use and lets just about anyone with basic computer skills generate a malicious Android app within a few minutes.
The researchers revealed that three of the sampled apps were named coronavirus.apk. They were built for wide distribution, to take over a large number of mobile devices. Once the user installs the app, it starts a background service that keeps its activity hidden from the user.
From there the app can steal files while staying undetected, and it connects to a command-and-control server from which it can download further malicious payloads.
Check Point researchers said that Cerberus, a banking Trojan sold as malware-as-a-service, was used as a payload to control the infected devices. Anyone can rent the service to deploy their own payload and take control of the devices it infects.
Cerberus can control an infected device remotely, spy on SMS messages, steal Google Authenticator data, and capture user credentials and keystrokes.
Check Point also found other samples carrying a premium dialer, which silently subscribes users to premium-rate services without their knowledge or consent.
Hiddad, another family found among the samples, is adware that pushes ads onto the infected device's screen even when the app is not open.
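The behaviours described in this section, a Metasploit-generated stager, a background service that survives reboot, and the permission sets a banker Trojan, premium dialer or adware needs, all leave traces in the APK's manifest. The following Python script is added here as an illustration; it is not Check Point's tooling and not code from the original article. It triages a decoded (text) AndroidManifest.xml, as apktool produces, against those indicators. The Metasploit package and class names are the defaults of the Metasploit Android payload template; the permission profiles, the matching threshold and the three sample manifests are assumptions constructed for this example, and a real sample can be renamed to evade the stager check.

```python
# Added example: not Check Point's tooling, not code from the article.
# Triage a decoded (text) AndroidManifest.xml, as apktool produces, against the
# indicators the article associates with the coronavirus-themed samples.
import math
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # Android attribute namespace

# Default package/component names of the Metasploit Android payload template
# (msfvenom android/meterpreter). Attackers can rename them: a miss proves nothing.
METASPLOIT_PACKAGE = "com.metasploit.stage"
METASPLOIT_CLASSES = {"MainActivity", "MainService", "MainBroadcastReceiver"}

# Permission profiles (assumed for this example) for the behaviours described:
# RAT spying on contacts/calendar, banker reading SMS and abusing accessibility,
# premium dialer sending SMS/calls, overlay adware.
PERMISSION_PROFILES = {
    "rat_spyware": {"android.permission.READ_CONTACTS", "android.permission.READ_CALENDAR",
                    "android.permission.RECORD_AUDIO", "android.permission.CAMERA",
                    "android.permission.ACCESS_FINE_LOCATION"},
    "banker": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
               "android.permission.BIND_ACCESSIBILITY_SERVICE"},
    "premium_dialer": {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"},
    "adware": {"android.permission.SYSTEM_ALERT_WINDOW"},
}

def triage_manifest(xml_text: str) -> dict:
    """Return the indicators matched by one decoded manifest."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    app = root.find("application")
    components = list(app) if app is not None else []

    perms = {p.get(A + "name") for p in root.findall("uses-permission")}
    perms.discard(None)
    for c in components:  # BIND_ACCESSIBILITY_SERVICE is declared on the <service>
        if c.tag == "service" and c.get(A + "permission"):
            perms.add(c.get(A + "permission"))

    # '.MainService' or 'com.x.MainService' -> 'MainService'
    class_names = {c.get(A + "name", "").rsplit(".", 1)[-1] for c in components}
    has_service = any(c.tag == "service" for c in components)
    boot_receiver = any(
        c.tag == "receiver"
        and any(a.get(A + "name") == "android.intent.action.BOOT_COMPLETED"
                for a in c.iter("action"))
        for c in components)

    # A profile matches when at least half of its permissions are requested.
    profiles = {}
    for label, wanted in PERMISSION_PROFILES.items():
        hit = sorted(perms & wanted)
        if len(hit) >= math.ceil(len(wanted) / 2):
            profiles[label] = hit

    return {
        "package": package,
        "metasploit_stager": package == METASPLOIT_PACKAGE or METASPLOIT_CLASSES <= class_names,
        "boot_persistent_service": has_service and boot_receiver
        and "android.permission.RECEIVE_BOOT_COMPLETED" in perms,
        "profiles": profiles,
    }

def is_suspicious(result: dict) -> bool:
    """Flag a sample that looks like a Metasploit stager or matches any profile."""
    return result["metasploit_stager"] or bool(result["profiles"])

# --- Constructed sample manifests (not real samples) ---------------------------
def _manifest(package: str, perms: list, components: str) -> str:
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application>{components}</application></manifest>')

BOOT_RECEIVER = ('<receiver android:name="{name}"><intent-filter>'
                 '<action android:name="android.intent.action.BOOT_COMPLETED"/>'
                 '</intent-filter></receiver>')

# Laid out like the Metasploit template: launcher activity, service, boot receiver.
STAGER_MANIFEST = _manifest(
    "com.metasploit.stage",
    ["INTERNET", "RECEIVE_BOOT_COMPLETED", "READ_CONTACTS", "READ_CALENDAR", "RECORD_AUDIO",
     "CAMERA", "ACCESS_FINE_LOCATION", "READ_SMS", "SEND_SMS"],
    '<activity android:name=".MainActivity"/><service android:name=".MainService"/>'
    + BOOT_RECEIVER.format(name=".MainBroadcastReceiver"))

# Cerberus-style banker: SMS access plus an accessibility service behind a tracker UI.
BANKER_MANIFEST = _manifest(
    "com.health.covid19tracker",
    ["INTERNET", "RECEIVE_BOOT_COMPLETED", "READ_SMS", "RECEIVE_SMS", "SYSTEM_ALERT_WINDOW"],
    '<activity android:name=".TrackerActivity"/>'
    '<service android:name=".AccService" '
    'android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>'
    + BOOT_RECEIVER.format(name=".BootReceiver"))

# An information app that only needs network access.
BENIGN_MANIFEST = _manifest("org.example.covidinfo", ["INTERNET"],
                            '<activity android:name=".InfoActivity"/>')
```

Calling `triage_manifest(STAGER_MANIFEST)` flags the Metasploit layout, the boot-persistent service and the RAT and premium-dialer profiles; the banker sample matches the banker and adware profiles without looking like a stager; the information app matches nothing. Treat the result as a triage signal, not a verdict: a legitimate messaging app will also request SMS permissions, and a renamed stager will slip past the name check.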
Avoiding malware attacks
Check Point has also offered advice on avoiding such attacks. Users should block unsolicited calls, enable remote data wipe and remote lock, avoid connecting to public Wi-Fi networks, and install apps only from reputable app stores.