Over the past few weeks, the Avast Threat Lab team has been monitoring a rise in fake and malicious Covid-19 apps claiming to offer everything from cures to information about local infection rates. Once these apps are installed on a smartphone or tablet, they allow cybercriminals to access the device’s location and contacts, steal online banking login credentials, or lock the device and demand a ransom from the owner in order to regain access to it (this is known as ransomware).
Here are three counterfeit Covid-19 apps that you should avoid, however there are many more in circulation:
Covid19 / Coronavirus Tracker: A classic example of ransomware, which locks the user’s phone and demands a ransom of $100 to $250 in Bitcoin to unlock it.
Corona live 1.1: This app uses the official Samsung Health App’s icon, and has the ability to obtain the infected device’s location and contacts. It can also read text messages, access the smartphone camera and take pictures, record audio, check running apps, and much more. It reports the data back to a URL host which is associated with other malware samples.
Coronavirus: This app also harbours malware, specifically the famous banking trojan Cerberus which creates an overlay over real banking apps to steal people’s login details. It can also access text messages and harvest contact lists.
Cybercriminals are opportunists, and more malicious apps are expected to spring up in the coming days and weeks. Here are some top tips to help you spot the tell-tale signs of malicious apps and avoid installing them before it’s too late:
- Use official Covid-19 websites instead of apps. Practicing social distancing? Try distancing yourself from Covid-19 misinformation, too. There’s a lot of it out there. Visiting a website is usually much safer than installing an app on your device. In fact, most of the information that the apps claim to use comes from websites such as the World Health Organization and the Centers for Disease Control and Prevention. Use these resources instead.
- Only install apps from official stores. The vast majority of malware is spread through unofficial third-party app stores, so make sure any app that you download comes from the Google Play Store or the Apple App Store.
- Get a second opinion on the app. Before you install a new app, take a look at how many downloads it has so far and check out the reviews. Does the name of the app developer look suspicious? This will give you a good temperature reading on whether it’s benign or bad.