Fake coronavirus tracking apps are really malware that’ll stalk you
For the most up-to-date news and information about the coronavirus pandemic, visit the WHO website.
Theoutbreak is facilitating invasions of privacy, with apps about the pandemic being retooled to track a person’s every move.
Researchers from mobile security company Lookout discovered an Android app called “corona live 1.1,” which pretends to be the real “corona live” app and uses the Johns Hopkins coronavirus tracker — an actual and legitimate resource for tracking infection rates, death counts and recovery rates around the world.
While people using the app thought they were keeping tabs on the, the malicious app was actually tracking them: getting access to the device’s photos, videos, location and camera. The camera access would allow the attackers to take photos and record videos and audio, Lookout said.
“This surveillance campaign highlights how in times of crisis, our innate need to seek out information can be used against us for malicious ends,” Lookout said in a blog post. The security company warned against downloading apps from a third party because of the security concerns.
Lookout’s findings aren’t the only case in which apps are using coronavirus anxiety to surveil people en masse. TechNews reported that the Iranian government’s official coronavirus tracking app raised privacy concerns after users accused it of collecting phone numbers and real-time location data.
The coronavirus outbreak has spread at an alarming rate, forcing cities to shut down and major events to be canceled in an attempt to slow the rate of new cases. Fear over the outbreak has caused people to panic buy and spread false information. Hackers have always exploited current events, like tax season or award shows, to trick victims into cyberattacks they normally would not fall for.
The coronavirus outbreak is no different. Security researchers have seen an uptick in hacking attempts amid the pandemic, and as in the case of the malicious apps, the attacks have gone beyond well-disguised emails.
The pandemic has also created a path for surveillance. The Israeli government is tracking citizens using their phone location data to stop the spread of the coronavirus, and the US government is considering a similar approach.
The Lookout researchers who found the fake coronavirus tracker app linked it to SpyMax, a low-cost commercial surveillanceware tool that people can buy online. The tool is implemented in apps and can then remotely activate cameras and microphones, as well as read call logs, text messages and locations.
Lookout said the spying app it discovered wasn’t alone, and is tied to a larger surveillance campaign targeting people in Libya. While the campaign has had many different disguises since April 2019, its two latest spying apps are coronavirus-related, Lookout said.