The coronavirus pandemic has caused trouble for everyone, and cybercriminals are exploiting the situation. Hackers are using various methods, such as ransomware, phishing emails and even coronavirus-themed apps, to affect many mobile devices.
New research by cyber threat intelligence provider Check Point revealed several Android apps that claim to provide information and help regarding COVID-19 but in fact deliver remote access Trojans and other kinds of malware.
Check Point released the report a few days ago, listing 16 Android apps that are presented as authentic coronavirus apps. Once one of these apps is installed on a mobile device, it releases malware onto the device to steal sensitive information or to make money from premium services.
The malware consists of Mobile Remote Access Trojans (MRATs), Banker Trojans and Premium Dialers.
These apps are not available on the official store, Google Play; instead, they are hosted on coronavirus-themed domains. The domains appear to have been created specifically for this purpose, to trick users into installing the apps.
Since the outbreak of coronavirus in January, more than 51,000 domains related to the virus have been registered. In the last two weeks of March alone, around 30,100 domains were registered. Of these, 131 (0.4%) were found to be malicious and 2,777 (9%) are under investigation after being considered suspicious.
During the research, one of the malicious apps was found to have been developed using Metasploit, a free penetration-testing framework. According to the researchers, it takes only 15 minutes for a non-technical person to create a malicious program with it. Three of the samples discovered during the analysis were named coronavirus.apk.
Check Point researchers found that the apps were designed to be delivered to a large number of users. Once the app is installed, it starts a service that hides its icon so that the user cannot easily detect it. It then connects to the command-and-control center to download the malicious material.
Researchers also found that Cerberus, a known Malware-as-a-Service (MaaS) Android banking Trojan, can be rented to build one's own payload and control the affected devices. A Cerberus infection can capture keystrokes and user credentials, steal Google Authenticator data, detect SMS messages and control devices remotely using TeamViewer.
Some of the samples also used a Premium Dialer, which subscribes users to premium services without their permission. Hiddad, or “Hidden Ad”, was another piece of malware found; it displays ads on the screen even when the app is not in use.
Aviran Hazum, mobile research manager at Check Point, said coronavirus is not only a threat to human lives but also a digital threat. Hackers are turning the fear of coronavirus to their advantage by designing apps that look harmless and informative but instead set a trap for users. Creating these malicious apps is easy and simple, which is far more concerning; people should therefore triple-check before they click on any domain.
Check Point has some suggestions for protecting mobile devices from malware:
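An added example, not taken from Check Point's report or from the original article: a small triage script that reads a decoded AndroidManifest.xml and groups the permissions it requests under the behaviours described above. The mapping of behaviours to permissions is this example's own heuristic, and the sample manifest and its package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumption of this example: permissions each behaviour from the article
# would typically need. A match is a reason to look closer, not a verdict.
BEHAVIOUR_PERMISSIONS = {
    "premium dialer / paid subscriptions": {
        "android.permission.CALL_PHONE", "android.permission.SEND_SMS"},
    "SMS interception": {
        "android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "keystroke or credential capture via accessibility": {
        "android.permission.BIND_ACCESSIBILITY_SERVICE"},
    "ads drawn over other apps": {
        "android.permission.SYSTEM_ALERT_WINDOW"},
}

# Constructed sample: a decoded manifest for a hypothetical "COVID info" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.covidinfo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".Svc"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Collect <uses-permission> names plus permissions guarding services."""
    root = ET.fromstring(manifest_xml.strip())
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # Accessibility services are declared as <service android:permission=...>.
    perms |= {e.get(ANDROID + "permission") for e in root.iter("service")}
    perms.discard(None)
    return perms

def triage(manifest_xml):
    """Return {behaviour: [matching permissions]} for behaviours with a match."""
    perms = requested_permissions(manifest_xml)
    return {name: sorted(perms & needed)
            for name, needed in BEHAVIOUR_PERMISSIONS.items() if perms & needed}

if __name__ == "__main__":
    for behaviour, hits in triage(SAMPLE_MANIFEST).items():
        print(f"{behaviour}: {', '.join(hits)}")
```

An app that only displays health information has little reason to request SMS or accessibility access, so any match here is a prompt for closer manual review.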
- Apps should be downloaded from official app stores only
- Install the latest versions of apps and keep the phone's operating system updated
- Avoid using public Wi-Fi
- When surfing the internet, only go to websites that are SSL certified
- Enable remote lock and data wipe on mobile devices
- Do not answer unsolicited calls
- Install security solutions on devices to avoid getting infected