Malicious Covid-19 Vaccine Message Attacking Android Phones: Cyber Agency CERT
A fake COVID-19 vaccine registration SMS that “maliciously” gains entry into a users’ Android phone leading to compromise of individual contact list is in circulation, the central cyber security agency has alerted.
The harmful SMS has been identified by at least five variants.
“It has been reported that a fake SMS message is in circulation that falsely claims to offer an app to let users register for COVID-19 vaccine in India.”
“The SMS carries a link that installs the malicious app on Android-based devices, which essentially spreads itself via SMS to victims’ contacts,” the Indian Computer Emergency Response Team or CERT-In said in a public advisory issued on Saturday.
The agency is the federal technology arm to combat cyber attacks and guarding the Indian cyber space against phishing and hacking assaults and similar online attacks.
It added that the “app also gains unnecessary permissions that attackers could leverage to acquire user data such as contact list.”
Some of its identified variants are: Covid19.apk; Vaci__Regis.apk; MyVaccin_v2.apk; Cov-Regis.apk and Vccin-Apply.apk.
The advisory said that the only “official” online link to register for coronavirus vaccination in the country is the portal– http://cowin.gov.in.
It asked users to be alert against all attempts of phishing through fake domains, emails and text messages that promise registration for a jab against the pandemic.
As part of measures to check such malicious attempts of data breach, it advised users to tune their phone setting in a manner that disables installation of apps through “untrusted sources” and that sides should undertake safe browsing and use trusted anti-virus and internet firewall tools.
India at present is administering two COVID-19 vaccines — Covishield and Covaxin — to its citizens and according to official data, the central government has so far provided nearly 18 crore vaccine doses to states and union territories.