Shivang Desai, a researcher with an American security firm Zscaler, has found a new malicious Android app that claims it can get a “Coronavirus safety mask” for you. The multi-step scam website reads: “Get safety from coronavirus by using Face mask, click on this link download the app and order your own face mask – hxxp://coronasafetymask[.]tk.” Once the user clicks the link, it would take the user to a web portal where they are asked to download the app. It will read: “Download App From Below Button And Install. You Will Get A Corona Safety Mask.” When the user clicks the button, it will download an Android Application Package (APK) file on the computer or smartphone, which can be sideloaded or installed onto an Android device. While installing the app, it will ask for permission to read contacts and send SMS messages from the user’s device. This is when the user needs to immediately discard the app as it is an indication that it is a malicious app. On the other hand, if the user installs the app, it will ask the user to click a button that will lead to a second online scam site responsible for selling masks online. The app simply opens an online portal in the default browser and the user gets no mask. Meanwhile, along with all the above activities, an important functionality takes place behind the scenes. The app checks whether it has already sent SMS messages or not. If it has not, it collects all the victim’s contacts. Once all the contacts are collected by the app, it sends SMS messages to all the contacts with a download link in an effort to spread itself to more users. By sending itself to a victim’s contact list, this malicious app aims to spread itself over and over (which can result in hefty usage charges for victims).
Currently, the app is only getting hold of the victim’s contacts and messaging them but it could in the future ask them to pay and steal credit card information, says Shivang. “There’s the threat that the malware could ask the victim to pay online for the mask and steal the credit card information, but we did not find any such functionality in the app. We believe the app is in its early stages and this (and other) functionalities will be added as the app is updated,” Shivang wrote in a blog post dated March 19, 2020. Meanwhile, the researcher suggests users to follow the below precautionary measures to protect themselves from online scams: · Install apps only from official stores, such as Google Play. · Never click on unknown links received through ads, SMS messages, emails, or the like. · Never trust apps with claims that seem unrealistic. (There is no technology yet invented that can inform a user whether a coronavirus patient is nearby.) · Always keep the “Unknown Sources” option disabled in the Android device. This disallows apps to be installed on your device from unknown sources. Last week, we had reported how cybercriminals are using a malicious Android app called ‘CovidLock’ claiming to help track cases of coronavirus (COVID-19) but instead installing ransomware and locking users out of their device.