SMS malware acts like Covid-19 vaccine registration app, targets users in India and spreads via text messages
Security researchers have reported a new malware that is said to target Android users in India by impersonating the free Covid-19 vaccine registration app. Like other malicious software, it tricks users into tapping on a link and downloading what is reportedly a fake Covid-19 vaccination registration app. Dubbed SMS Worm, the new malware spreads via text messages and steals the contacts list from the victim’s device.
Malware researcher Lukas Stefanko first reported the SMS Worm on Twitter, where he claimed that the new Android malware is targeting Indian users. He also shared some screenshots of how the malware spreads via a text message. Once users download the fake free vaccine registration app via the link provided in the message, the app appears on the phone as the Vaccine Register app, requests access to the contacts list, and permission to send and view text messages.
Cyble, an Australia-based risk intelligence firm, has further revealed how the SMS Worm malware operates. According to Cyble, once downloaded, the malware performs several activities on the victim’s device, such as enabling unauthorized access or restricting access to private accounts and services, using the device for unauthorized activities, exposing personal data from the user’s mobile device and accounts, and deleting data from the mobile device or services without authorization.
While further investigating the source of the SMS Worm malware, the firm found that there are tons of abandoned repositories with similar-looking apps on the Internet, and claims they could have been developed by the same developer.
“New variants of SMS-worms for Android do not appear very often, and this particular variant is an interesting piece of malware and part of a unique attack. Besides tricking unsuspecting users into installing a worm and other software that they may not want, the worm can also use up their billing plan by automatically sending messages without their knowledge,” Cyble says in a blog post.
India Today Tech spoke to Abhishek Bakshi from the Cyble team to understand how severe the new SMS Worm malware is. First, we wanted to know how Cyble identified such malware. Bakshi explains, “There are two primary ways to find new malware. First, there is a lot of data from Twitter or Telegram, which has a lot of hashtags. The second is a more authentic way where our researchers actually communicate with threat actors. In this case, the threat actors usually respond with details like they have data of say 100 people from India and then, we try to verify after getting some data like snapshots from the date of the attack. Let’s say they have account details of thousands of users, so once researchers have identified this is genuine data that the threat attacker claims to have and these are the steps the attacker probably took to exploit the data, then that is how we determine the attack that happened.”
The next thing we wanted to understand was whether India was the only target of the new SMS Worm malware and why just Android users. “This may or may not be specific to India in terms of a planned attack. Considering the global news outlets have been widely reporting about the ongoing pandemic situation in India, this also makes it a good time for attackers to take advantage of this sort of situation,” Bakshi added.
As for why Android, Cyble’s findings indicate that this malware targets Android users. At this point, the team was unable to verify whether similar malware was targeting iOS users as well. “The adoption of Android in India is far more compared to iOS. And this applies to not only cities but also other regions of the country. For attackers, these users are more vulnerable to being aware of downloading an app from a link given in a message and thus, become an easy target for such malware attacks,” added Bakshi.
How to avoid getting tricked by similar malware that spreads via SMS
The best way to avoid getting duped by such malware is to not download any apps or open any websites via links sent by unverified sources.
If you have received a text message with a link to download an app, avoid doing so. Download apps only from the official app store, which is the Google Play store in Android’s case. Another good practice is checking which permissions the apps on your phone are asking for.
To protect your data from hackers, try to use an additional protection layer like two-factor authentication.