Skip to main content

Fake Covid-19 contract-tracing apps will spy on you: What to do

covid-19 contact tracing apps
(Image credit: Ascannio / Shutterstock.com)

As governments across the world release Covid-19 contact-tracing apps to their citizens in a bid to slow down the spread of the disease, cybercriminals are creating fake versions of these apps.

Security researchers from Anomali Threat Research (ATR) warned yesterday (June 10) that cyber crooks are “distributing fake Android applications themed around official government Covid-19 contact tracing apps”.

The researchers have spotted 12 malicious apps pretending to be legitimate contact-tracing services. In reality, the apps carry malware like Anubis and SpyNote. 

Anubis is a banking Trojan that aims to gain access to online bank accounts, while Spynote monitors user data once a device is infected

“These apps, once installed on a device, are designed to download and install malware to monitor infected devices, and to steal banking credentials and personal data,” warned the ATR researchers. 

“ATR believes that the fake apps are likely being distributed through other apps, third-party stores, and websites, among others," they added. "As of the publication of this research, the fake apps had not been identified as being present in the Google Play Store."

Multiple countries and regions targeted

ATR says the apps are targeting citizens of several countries, including Armenia, India, Brazil, Colombia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore. 

The report warns that cybercriminals are increasingly taking advantage of the pandemic, saying: “Threat actors continue to imitate official apps to take advantage of the brand recognition and perceived trust of those released by government agencies. 

“The global impact of the Covid-19 pandemic makes the virus a recognizable and potentially fear-inducing name, of which actors will continue to abuse. This research reveals a glimpse into some of the applications threat actors are actively distributing, and there are likely numerous others in the wild that have not yet been detected.”

To avoid falling victim to such scams, make sure to get Android apps only from the official Google Play Store and to install one of the best Android antivirus apps.