Researchers have found an SMS worm designed to trick people into installing malware on their devices under the guise of a COVID-19 vaccine registration app.

Fake COVID-19 vaccine registration SMS can trick you into installing malicious app, steal your contacts to inflict more damage

May 05, 2021 8:50 AM


This malware campaign is said to be currently targeting India. (Photo credit: @LukasStefanko)

The government of India has kicked off the country’s largest vaccination drive against the novel coronavirus, but getting a slot to get vaccinated is not all that simple, especially for those in the age group of 18-44. Availability of slots is subject to availability of vaccines, and registrations remain choppy at best. In order to make the process a wee bit more user friendly, several developers have designed notify-me websites that can tell you when slots open, though you will still need to head over to CoWIN, the government’s official portal, to complete the rest of the formalities. In the middle of all this, some malicious elements have also started to take advantage of the situation. Security researchers have found and brought to light a new “SMS worm” designed to trick unsuspecting people into installing malware on their Android devices under the guise of a COVID-19 vaccine registration app.

SMS Worm: what is it, how it works

First spotted by malware researcher Lukas Stefanko and independently confirmed by cyber risk assessment firm Cyble, the SMS worm works by sending potential victims text messages containing a link to a website. If they click on the link, executable code is downloaded onto their device, infecting it. From there, hackers can initiate a broad range of attacks, ranging from using the device for unauthorised activities to exposing personal data. Not just that, the SMS worm can also automatically send a copy of itself to every contact listed in the device, repeating the chain of events without the victim’s knowledge.


“Our investigation indicated that this malware campaign is currently targeting India as the country struggles with the ongoing onslaught of the pandemic,” Cyble said in its report.

Upon close examination, the cyber risk assessment firm found “many abandoned repositories that contains the list of similar apps under different names and functionalities but replicates the same permissions and entry points, assuming all were from the same developer.” Based on the findings, it said this was a “unique” attack since new variants of SMS worms were not all that common. And yet, there seem to be multiple copies of it, under different names, doing the rounds of the internet, with no clear information on when and how all this started. The identity of the developer also remains a mystery for now.

How to stay safe

Hackers scheming under such circumstances isn’t new or surprising, and each day it becomes abundantly clear that they aren’t letting the coronavirus pandemic go to waste. Cyber-criminals have been churning out thousands of coronavirus-related websites since last year, painstakingly exploiting common terms like coronavirus, covid, or vaccine. While some may be legitimate, a large number of these websites are malicious, designed to host phishing attacks, distribute malware, or run scams in general to trick people into sharing their credit/debit card information or buying fake products said to cure COVID-19.

The only way to stay safe is to be aware and think twice before clicking on a link, especially ones you get out of the blue from unknown contacts. The only way to register for a COVID-19 vaccine in India is through the CoWIN portal and the Aarogya Setu and Umang apps. There are also third-party websites designed to notify you when a slot may be available, but again, you cannot register or book a slot through any of them. That alone filters out a lot of things and helps keep tabs on who to trust and what link to click on.

Cyble mentions a few other things you can do to ensure online safety including keeping your device and apps updated, using strong passwords and enabling two-factor authentication, and verifying the privileges and permissions requested by any app before granting access.
