Coronavirus-themed scams show no signs of letting up as hackers have tried to breach mobile phone users in Italy and Spain, the two countries with the most deaths from the virus.
Attackers laced mobile apps with malware to try to steal data from, or otherwise compromise, Italian and Spanish residents looking for updates on the pandemic, according to Slovakian antivirus firm ESET. The phony apps posed as legitimate ones offering updates on the spread of the novel coronavirus and how to assess your risk of infection.
“Because of the current situation, many [hacking] campaigns are either migrating to a COVID-19 theme or new campaigns are created with a COVID-19 theme,” said Lukas Stefanko, an Android security specialist at ESET.
The apps were available for download for a couple days, Stefanko said. It is unclear how many people downloaded them. The malicious app targeting Spanish users is no longer available; it is unclear whether the Italian app still is.
It is a reminder of the cruel opportunism with which many cybercriminals approach the crisis. When people turn to their phones for information on the deadly virus, hackers see an opening.
As of this writing, the novel coronavirus had killed 7,503 people in Italy and 4,089 in Spain, according to Johns Hopkins University data. Hospitals have been overwhelmed with patients, forcing health care workers to erect makeshift facilities.
The malicious Android app targeting Spanish users is a banking trojan — code designed to steal financial information — that emerged last year. It was available on a third-party malicious website and not the authorized Google Play store, ESET said.
SoftMining, the Italian company that created the legitimate app for COVID-19 tracking, has warned users that “some hackers are sending counterfeit versions of our app in which they have injected malicious code.”
#ESETresearch #COVID19 @LukasStefanko: Trojanized version of original SM_Covid19 awareness app targets #Italian 🇮🇹 users.
Trojan app contains the original app's functionality, but is also a malicious downloader.
Kudos to @malwrhunterteam 1/4 pic.twitter.com/MX1X7VyIef
— ESET research (@ESETresearch) March 25, 2020
Stefanko doesn’t know who is behind the attempts to hack these particular users. The two campaigns do not appear to be related, he said.
The malicious activity is part of a broader surge in COVID-19-related fraud and phishing in recent weeks. Some are using attention on the Johns Hopkins COVID-19 map to distribute malware. U.S. Attorney General William Barr has vowed that prosecutors will crack down in response.
In response to the increased cyber activity, many security professionals are volunteering their time to protect medical organizations from hacking.