The bad news
Attackers are exploiting the COVID-19 vaccine apps to deploy malware to Android devices. Since the outburst of the pandemic, they haven’t missed any opportunity to spread malware via Covid19-themed emails, apps, websites and social media.
But now, Bitdefender researchers have found multiple apps taking advantage of mobile users looking for information about the vaccines or seeking an appointment to get the jab.
Sometimes disguised in or invisibly attached to legit digital products, these fake applications are ready to take over the device after just a few taps. Google has been trying to vet all vaccination-related applications properly, but some fell through the cracks.
Here’s what to pay attention to if currently you are not using a mobile protection solution, which could keep your device safe.
Hydra Bankers are part of the infamous Hydra trojan family. The Accessibility permissions let the apps record and collect what the user is typing on the device, such as credit card numbers, passwords and more. From there, it’s only a matter of time before the user’s banking data is leaked.
Cerberus Bankers will take over the device once the victims grant the malware the requested Accessibility permissions.
Repackaged adware. For example, Vaccinum, the version from third-party Android application markets. While this version is the same as the original app functionality-wise, it comes repackaged with adware.
Co-Win Adware. The Indian government’s COVID-19 vaccine tracking and registration platform was rapidly copied after launch. Adware and fake applications immediately followed.
The good news
You can stay away from malicious apps by being vigilant and get any COVID-19 related information from known, proper channels and official government sources.
Being wary of apps requesting access to the Accessibility Service might also help, as it’s the main access route for criminals into your mobile devices.
If you feel you need expert help to keep your smartphone safe, you are right. Mobile threats are on the rise, consistent with the growing number of people who use their Android devices for shopping, online bank services and messaging.
Consider getting Bitdefender Mobile Security that keeps Android devices safe from all new and existing online threats. Plus, the antivirus module automatically scans each app once you install it, and immediately lets you know whether it poses any danger.
Read the complete Bitdefender Labs research here.