COVID-19-Themed Malware Goes Mobile (Mar 19, 2020)
Cybercriminals have recently been using Coronavirus (COVID-19) in spearphishing campaigns and are now also using the pandemic to spread malware on mobile devices. Threat actors are using legitimate and illegitimate mobile applications related to the coronavirus to spread malware, including spyware. Researchers at Lookout have seen the malicious application ‘corona live 1.1’, which spoofs the legitimate app ‘corona live’ to conduct mass surveillance on civilians in Libya. Avast researchers observed a ransomware called ‘CovidLock’, which masquerades as an application for COVID-19 information tracking but actually locks people’s phone screens until they pay a ransom.
Recommendation: All applications should be carefully researched before they are installed on a personal or work machine. Applications that request additional permissions upon installation should be carefully vetted before those permissions are granted. Additionally, all applications, especially free versions, should only be downloaded from trusted vendors. Cybercriminals are using third-party stores such as the Google Play store to distribute their malware, as a large number of mobile users wouldn’t suspect malicious content on them. Therefore, if an installed application requests further permissions beyond what is specified, it should be treated with caution and reported to the relevant authorities.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.