Fake Malicious Mobile Applications Imitating Contact-Tracing Applications

Many countries are implementing contact tracing applications as they progressively move out of their lockdown phase. Threat actors are capitalising on such implementations to conduct malicious activities through fake mobile applications that imitate official COVID-19 contact tracing applications. These fake applications are usually embedded with trojans or malware that, when executed, could be used to monitor user's activities on the device and/or steal their personal data.

Users are recommended to adopt the following measures to avoid downloading fake and malicious applications to your mobile devices:

• Only download applications from the official Play Store (Android) and App Store (iOS).

• Check the developer information on the application listing. Only download applications developed and listed by the official developer.

• Pay attention to the security permissions required by the application and/or its privacy policy before downloading. Be wary of applications that ask for unnecessary permissions on your device.

• Look through the application’s reviews, and be wary of poorly-reviewed applications. Multiple poor reviews or comments may be an indication of issues with the application.

Users who have downloaded applications from unofficial sources are recommended to delete them, and perform an anti-virus scan on their device(s) thereafter. In the event that users are unable to delete the application after it has been installed, they may wish to perform a factory reset on their device(s) to try to remove it. Users are reminded to do a backup of important data from the device(s) before proceeding to perform the factory reset.  

References:

https://support.tracetogether.gov.sg/hc/en-sg/articles/360050057093-10-June-2020-Android-APKs-impersonating-TraceTogether

https://www.anomali.com/blog/anomali-threat-research-identifies-fake-covid-19-contact-tracing-apps-used-to-monitor-devices-steal-personal-data