Kathmandu, March 29
Watch out Android Users! The ongoing COVID-19 pandemic is proving to be an opportunity for cyberattackers to stage cybercrime. The attackers launch malware attacks, phishing campaigns, create scam sites and malicious tracker apps. Android users are especially at high risk amidst the coronavirus outbreak.
Even third-party Android app developers have started to take advantage of this opportunity by including coronavirus-related keywords in their app names, descriptions, or in package names. This attempt is to rank higher in Google Play Store searches related to the topic, while, some are attempts to drop malware and penetrate financial theft.
Related Article: How Coronavirus is impacting Cyberspace.
Coronavirus-Related Keywords Ranking in Google Play Store
Hackers and third-party app developers are increasingly taking advantage of the crisis to sneak in adware, banking trojans (e.g., Joker, Anubis), under live tracking apps and the apps that provide the symptoms information of the disease.
Source: The Hacker News
Researchers observed 579 applications containing coronavirus-related keywords in their detail (package name, activities, etc.). Out of these, they reported that 560 are clean, 9 are trojans, and 10 are Riskware.
Most of these apps ranked higher in the Google Play Store search results because of the usage of coronavirus-related keywords. Even the names of old apps were changed to match up with the trending keyword. For example, Bubble Shooter Merge became Bubble Shooter Merge – Wash hands for Coronavirus.
Cyberattacks Amid COVID-19 Pandemic
There is, in fact, a rise in cyberattacks during the pandemic as hackers are taking advantage of a goldmine of opportunities. There have been reports of fraudulent websites trying to steal personal information of users by claiming to sell coronavirus ‘vaccine’ kits.
A group of hackers even targeted the World Health Organization (WHO) via a phishing attack. The reason seemed behind this attack seemed to be demanding ransom in exchange for not publishing sensitive information. The phishing domain tried to trick the employees into entering their credentials.
Similarly, the medical sector is highly vulnerable to cyberthreats. Hackers are trying to get possession of sensitive medical records, and possibly a potential cure for the virus.
According to Kaspersky researchers, a threat called Ginp Clickbait Trojan is taking advantage of Android users. This infamous trojan is known to steal credit card information from victims.
The Ginp Clickbait
It isn’t the first time that the Ginp trojan has become a threat!
In October 2019, the trojan targeted Spanish banks and other legitimate banking apps to send messages and make calls, without the knowledge of the victims.
The difference now is that it is back to take advantage of the fear of people amidst the coronavirus outbreak.
Once the Trojan is downloaded on the victim’s phone, the attacker sends a special command to the Trojan to open a webpage called “Coronavirus Finder.”
The tracking webpage displays the number of infected people near the victim’s location. Then, it asks the victim to pay 0.75 Euros to see the exact location of the infected people.
If the victim agrees to pay, the Trojan redirects them to the payment webpage where they will need to enter their payment details. Once they enter the details, the victims need not pay extra charges nor receive any information about the location.
Although, the credit card information of the victim is now accessible by the hacker.
Kaspersky’s Security Expert, Alexander Eremin, said, “We encourage Android users to be particularly vigilant at this time–pop-ups, unfamiliar web pages, and spontaneous messages about coronavirus should always be viewed skeptically.”
In fact, it is an alarming matter as Ginp is such an effective Trojan.
How to Take Precaution Against Ginp Clickbait Trojan
The researchers at Kaspersky suggest the following precautionary measures to avoid exposure to the Trojan:
- Install or update Android apps only from Google Play (limit downloads from third-party apps).
- Do not click on suspicious links, especially those claiming to have a cure for the coronavirus. (Make sure to not give away sensitive information like login, password or credit card information to wherever those links redirect)
- Do not give these apps any permission to access your sensitive information if they request it (except for other trusted anti-virus apps).