Beware of Fake COVID-19 Vaccine Registration Message
Covid19 has gripped India with yet another wave that has led to almost 2 crore people being infected and seems to be difficult to handle by the Indian government. The coming of vaccines was a source of relief for the people of our country. From the 1st of May, the vaccination drive for the 18-44 age group has started. There has been great enthusiasm shown by the citizens to get themselves vaccinated. Registering yourself and getting a slot has not been easy.
On one hand, there are many people who have developed websites and accounts on different social media platforms to provide people with information on various topics regarding Covid updates and the availability of slots in various vaccine centers across the country. Hackers, on the other hand, are taking advantage of this situation that claims to provide an app for vaccine registration by circulating fake messages.
This new malware has been detected by Lukas Stefanko, a malware researcher at ESET. According to him, the hackers send an SMS that says “Register for Covid Vaccine from age 18+” to Android phone users with a link to the Covid19 vaccine registration app which is reportedly fake. Once the app is installed it provides its users with critical security permission to access your messages, contact list, location tracking, and network information discovery details. The researcher at ESET first reported this information on Twitter where he claimed that the new malware has been targeting mostly Indian users.
Further information about the SMS malware has been provided by Cyble, an Australia-based risk intelligence firm. Once you download the app, the malware performs different activities on the victim’s device, like enabling unauthorized access or restricting access to private accounts and services, using the device for unauthorized activities, exposing personal data from the user’s mobile device and accounts, and unauthorized deletion of data from the mobile device or services. After further investigating the firm also found out that there are similar-looking apps on the internet and suspects that they could have been developed by the same developer.
Cyble in a blog post said that “new variants of SMS-worms for Android appear frequently but this particular variant is a part of a unique attack and an interesting piece of malware”. Without the users’ consent and their knowledge, the hackers are also sending messages of billing plans. The best option to avoid being tricked is not to download any apps or opening any links sent by unverified resources. Make sure to only download from Google Play Store and also read the reviews below the description of the app.
The users are requested to keep their antivirus updated to detect and prevent any kind of mishappening. The use of strong passwords and two-factor authentication during logins is another prevention method. Another good practice is checking and reading the permissions which are being asked by apps on your phone while downloading any app.