Fake COVID-19 vaccine registration SMS can trick you into installing malicious app, steal your contacts to inflict more damage

This malware campaign is said to be currently targeting India. (Photo credit: @LukasStefanko)

The government of India has kicked off country’s largest vaccination drive against the novel coronavirus, but getting a slot to get vaccinated is not all that simple especially for those in the age group of 18-44. Availability of slots is subject to availability of vaccines and registrations remain choppy at best. In order to make the process wee bit more user friendly, several developers have designed notify-me websites that can tell you when slots open, though you will still need to head over to CoWIN, government’s official portal to complete the rest of the formalities. In the middle of all this, some malicious elements have also started to take advantage of the situation. Security researchers have found and brought to light a new “SMS worm” designed to trick unsuspecting people into installing malware on their Android devices under the guise of a COVID-19 vaccine registration app.

SMS Worm: what is it, how it works

First spotted by malware researcher Lukas Stefano and independently confirmed by cyber risk assessment firm Cyble, the SMS worm works by sending text messages containing a link to a website to potential victims. An executable code is downloaded on their device, should they click on the link, thereby rendering it infected. Thereon, hackers can initiate a broad range of attacks ranging from using the device for unauthorised activities to exposing personal data. Not just that, the SMS worm can also automatically send a copy of itself to every contact listed in the device repeating the chain of events without the victim’s knowledge.

Also Read | Having trouble finding slots on CoWIN? These COVID-19 vaccine appointment tracker sites can save you some time

“Our investigation indicated that this malware campaign is currently targeting India as the country struggles with the ongoing onslaught of the pandemic,” Cyble said in its report.

Android SMS Worm Impersonating COVID-19 Vaccine Registration App Spreads via Text Messages
Read full article here: https://t.co/zGbH62vtY1#Malware #cybercrime #COVID19 #vaccine #CovidVaccine #Android #androidapp #cybersecuritytips #cybersecurity #CyberAttack #DarkWeb pic.twitter.com/YYIsXg6lvJ

— Cyble (@AuCyble) May 3, 2021

Upon close examination, the cyber risk assessment firm found “many abandoned repositories that contains the list of similar apps under different names and functionalities but replicates the same permissions and entry points, assuming all were from the same developer.” Based on the findings, it said this was a “unique” attack since new variants of SMS-worms were not all that common. And yet, there seems to be multiple copies of it — under different names — doing the rounds of the internet with no clear information when and how all this started. The identity of the developer also remains a mystery for now.

How to stay safe

Hackers scheming under such circumstances isn’t new or surprising and each day it becomes abundantly clear that they aren’t letting the coronavirus pandemic go to waste. Cyber-criminals have been churning out thousands of coronavirus-related websites since last year painstakingly exploiting common terms like coronavirus, covid, or vaccine. While some may be legitimate, a large number of these websites are malicious, designed to host phishing attacks, distribute malware, or scams in general to trick people into sharing their credit/debit card information or buy fake products said to cure COVID-19.

SMS worm impersonates Covid-19 vaccine free registration

Android SMS worm tries to spread via text messages as fake free registration for Covid-19 vaccine – targets India ????????
It can spread itself via SMS to victim contacts with link to download this malware. https://t.co/EXAAGARqOP pic.twitter.com/HX957bPVu5

— Lukas Stefanko (@LukasStefanko) April 29, 2021

The only way to stay safe is to be aware and think twice before clicking on a link, especially ones you get out of the blue from unknown contacts. The only way to register for a COVID-19 vaccine in India is through the CoWIN portal and the Aarogya Setu and Umang apps. There are also third-party websites designed to notify you when a slot maybe available, but again, you cannot register or book a slot through any of them. That alone filters out a lot of things and helps keep tabs on who to trust and what link to click on.

Cyble mentions a few other things you can do to ensure online safety including keeping your device and apps updated, using strong passwords and enabling two-factor authentication, and verifying the privileges and permissions requested by any app before granting access.

Also Read | Pulse oximeter, Oxygen concentrator buying guide: How they work and how to pick the best one for you