Hackers Are Releasing Fake Contact Tracing Apps — CyberHoot

During the coronavirus pandemic, Contact Tracing is being used to slow the spread of the virus. Contact Tracing is the process used to identify, trace, and contact people potentially exposed to a highly infectious virus such as COVID-19 in the recent past. Contact Tracing is a critical capability needed to re-open businesses to avoid a second and potentially more devastating wave of infections. Hi-tech companies such as Apple and Google have released contact tracing apps for their mobile phones, but are not yet formally coordinating with US government entities.

Beside obvious privacy concerns with the data being generated by Apple and Google in their Contact Tracing applications, another insidious risk exists. Hackers have begun to release bogus, malicious contact tracing applications of their own.

How might hackers attack with a bogus contact tracing app?

Phishing Attacks

The first attack method, which has been used since the start of this pandemic, is through contact tracing related phishing attacks. Hackers are sending hospital notifications to unsuspecting email recipients. The email notice states that a friend, colleague, or family member tested positive for COVID-19 and the recipient of the email has been exposed. You are to download and complete a “pre-filled” form to schedule your test and prevent the virus’s spread. Unfortunately, the attachment contains malware that compromises your computer.

Malicious Applications

A second method of attack is where hackers create a malicious Contact Tracing applications for your mobile device. One study, bycyber-criminals have impersonated 12 government contact tracing apps for countries such as Italy, Russia, Singapore, and Columbia to infect unsuspecting users. These bogus apps install trojan malware such as Anomali — a threat Research company, claims Anubis, or Spynote enabling the app to steal the user’s personal information. While these apps were not found in Google’s Play Store or Apple’s App Store, users trusted the government moniker even to install and infect themselves with the malware.

How to Avoid these Threats

Always be vigilant with the actions you do online, especially when asked to install something on your device.

  • Never install apps except from Google’s Play store and Apple’s App stores.
  • Install mobile security software to protect your mobile device from viruses. Again, only install this from Google’s Play store or Apple’s App Store.
  • ​Do not click any links in emails you did not expect.
  • Watch out for links to potentially fake COVID-19 websites.
  • Visit only reputable COVID-19 websites. Safe sites include:
  • Centers for Disease Control (CDC)
  • World Health Organization (WHO)
  • John Hopkins University

Avoid phishing emails by watching for these Red Flags in your email:

  • Generically addressed emails (Dear Sir, Dear Madam, or Valued Client).
  • Receiving an unexpected email urging you to take action.
  • Poor spelling, grammar, and punctuation.
  • Email containing attachments. Never open attachments you did not request, even from people you know without checking with them first.

Every company benefits from regular employee awareness training on emerging cyber-threats and perennial attack methods such as weak passwords, phishing emails, and social engineering attacks. Therefore,

  • Train employees on cybersecurity topics and best practices at least monthly.

Originally published at https://cyberhoot.com on June 23, 2020.

A writer for CyberHoot, a cybersecurity company that helps society become more aware and more secure: https://cyberhoot.com/

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Intelligence Preparation for the Cyber Environment (IPCE): Enhancing your Security Operations

Close Proximity iPhone Hack — CyberHoot

Verifiable Credentials — beyond the Hello World

Four Key Components Of Metcalfe Chain — — MBFT Consensus

Updating Your Nexus — Step by Step

Philakone Crypto Trading Honest Review [DON’T BUY BEFORE YOU READ THIS]


5 Reasons why Cyber Essentials is Important?

Cyber Essentials certified logo

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ty Mezquita — CyberHoot

Ty Mezquita — CyberHoot

A writer for CyberHoot, a cybersecurity company that helps society become more aware and more secure: https://cyberhoot.com/

More from Medium

Offensive Security Proving Grounds Walk Through “Sybaris”

Security Advisory: Critical Linux Vulnerability

Install Zabbix Agent and Add Dashboard with PSK

Detecting memfd_create linux fileless malware with EBPF