June 10, 2020

Anomali Threat Research Detects Fake COVID-19 Contact Tracing Apps Spreading Malware

Cybercriminals Target Android to Steal Personal Information and Monitor Devices

REDWOOD CITY, Calif. — Wednesday, June 10, 2020 — Anomali, a provider of intelligence-driven cybersecurity solutions, today announced that threat actors are using fake COVID-19 contact tracing apps to infiltrate Android devices. After being downloaded, the apps install malware that can be used to steal data and conduct device surveillance. Governments around the world are working with app developers to provide legitimate COVID-19 tracing apps as part of their efforts to reduce the spread of the virus that is causing the global pandemic. Because contact tracing app programs are in widespread use and highly publicized, the likelihood that threat actors will try and capitalize on government programs will continue to increase.

The Anomali Threat Research (ATR) team identified 12 fake apps targeting citizens in Armenia, India, Brazil, Chhattisgarh, Columbia, Indonesia, Iran, Italy, Kyrgyzstan, Russia, and Singapore. The fake health-surveillance apps are downloading Anubis and SpyNote malware, and other instances of generic malware. Anubis is an Android banking trojan that utilizes overlays to access infected devices and then steal user credentials. SpyNote is an Android trojan used for gathering and monitoring data on infected devices. We believe the threat actors are distributing the malicious apps via other apps, third-party stores, and websites, among other channels.

Anomali Threat Research emphasizes that public and private sectors should use technology to assist in handling the crisis wherever possible, adding that we cannot overlook the fact that technology creates risk. Cybersecurity concerns must be addressed, as this research shows that threat actors are attempting to capitalize on these technology initiatives for malicious purposes.

The full findings are available on our blog, which includes images of the fake apps that have been detected.

In addition to this research, Anomali has identified more than 6,000 COVID-19 Indicators of Compromise (IOCs) that flooded the internet in the days following emergence of the pandemic. These are available to our customers via their licenses and open sourced to the security community.

About Anomali

Anomali® delivers intelligence-driven cybersecurity solutions, these include Anomali ThreatStream®, Anomali Match™, and Anomali Lens™. Private enterprises and public organizations use Anomali to gain unlimited visibility, speed time to detection, and constantly improve security operations. Anomali customers include more than 2,300 global organizations, many of the Global 2000 and Fortune 500, and large government and defense organizations around the world. Founded in 2013, it is backed by leading venture firms including GV, Paladin Capital Group, Institutional Venture Partners, and General Catalyst. Learn more at: www.anomali.com

News Contact

Joe Franscella
jfranscella@anomali.com