With the Coronavirus pandemic destroying entire countries at large, people are looking to stay as aware of the disease as possible. With lockdowns in force across many countries, staying informed about the pandemic means, for most people, turning to digital sources such as websites. In countries like India, where digitalization has recently taken big steps, people are being encouraged to use verified handles on apps like Twitter, Telegram, and WhatsApp to stay updated on the issue.
However, as people grow more afraid of the pandemic, cybercriminals are using the chaos as an excuse to take advantage of them. Check Point Research recently identified malicious applications masquerading as coronavirus apps. While they look harmless, these apps are designed to take control of your Android device. Once the malicious application is installed, a hacker takes intrusive control of your device via a remote shell, accessing a person’s calls, SMS, calendar, files, contacts, microphone, and camera. That’s not all: the app may also gain file read and write privileges.
Such malicious applications were not found on Google Play Store but were discovered on new Coronavirus-related domains. Researchers believe these domains were created specifically to deceive the masses by leveraging the fear surrounding the coronavirus. What is even worse is the ease with which these malicious apps can be created.
Malware apps are made in just 15 minutes
Researchers from Check Point began tracing the origins of these malicious applications. The applications were crafted via Metasploit, a free penetration-testing framework that makes hacking simple. Using the framework, anyone with basic computer knowledge can craft the same malicious applications in just 15 minutes. The steps, too, are surprisingly simple: point Metasploit at your target, pick an exploit, choose a payload to drop, and hit Enter. In this case, the Metasploit-crafted apps were targeting everyday people searching for Coronavirus-related content.
These apps often had seemingly harmless names like ‘coronavirus.apk’. Such an app can be easily delivered and installed on a large number of devices and can execute device takeover. Further, once executed on an Android device, the app starts a service that hides its icon, effectively making itself invisible. It then connects to a command-and-control (C&C) server whose address is stored in an array in the malware’s code.
About 16 such applications were discovered recently. They all pretended to be genuine coronavirus applications. Since January 2020, over 50,000 new coronavirus domains were created. About 0.4 percent (131 domains) of these are expected to be malware-oriented. Another 9 percent (2,777) were suspicious domains.
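A defender-side triage check for the capabilities listed earlier in the article (calls, SMS, calendar, files, contacts, microphone, camera), added here as an example and not taken from Check Point or the original article: it reads a decoded AndroidManifest.xml and reports which of those capabilities an app requests. The capability-to-permission mapping, the threshold of five and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the capabilities named in the article to standard
# Android permission names (the article does not list permission strings).
CAPABILITIES = {
    "calls": {"READ_CALL_LOG", "CALL_PHONE", "READ_PHONE_STATE"},
    "sms": {"READ_SMS", "SEND_SMS", "RECEIVE_SMS"},
    "calendar": {"READ_CALENDAR", "WRITE_CALENDAR"},
    "files": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "microphone": {"RECORD_AUDIO"},
    "camera": {"CAMERA"},
}

def requested_permissions(manifest_xml):
    """Return short permission names from a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            full = node.get(ANDROID_NS + "name", "")
            if full.startswith("android.permission."):
                names.add(full.rsplit(".", 1)[1])
    return names

def triage(manifest_xml, threshold=5):
    """Flag a manifest requesting at least `threshold` of the capabilities."""
    perms = requested_permissions(manifest_xml)
    hits = sorted(c for c, wanted in CAPABILITIES.items() if perms & wanted)
    return {"capabilities": hits, "flag": len(hits) >= threshold}

# Constructed sample manifests, not taken from any real app.
def _manifest(perms):
    lines = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="example.constructed">{lines}</manifest>')

BROAD = _manifest(["READ_CALL_LOG", "READ_SMS", "READ_CALENDAR", "READ_CONTACTS",
                   "WRITE_EXTERNAL_STORAGE", "RECORD_AUDIO", "CAMERA", "INTERNET"])
NARROW = _manifest(["INTERNET", "ACCESS_NETWORK_STATE"])

if __name__ == "__main__":
    for label, xml in (("broad", BROAD), ("narrow", NARROW)):
        print(label, triage(xml))
```

A flag here is a prompt for closer review of a sideloaded app, not a verdict: legitimate apps can request several of these permissions too.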