Hackers target Indian users with fake COVID-19 vaccine registration message

Hackers first send users an SMS message which says “REGISTER FOR COVID VACCINE from age 18+” and asks users to register with the ‘COVID-19’ app.

May 05, 2021 12:56 pm | Updated November 18, 2021 04:18 pm IST

Hackers target Indian users with fake COVID-19 vaccine registration message.

Hackers target Indian users with fake COVID-19 vaccine registration message.

(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

India opened its vaccination programme for 18 – 44 age group on May 1, qualifying all of its entire adult population eligible for COVID-19 vaccines. While people find it hard to get slots, many app developers have built websites to provide people information on when slots are open.

Hackers are now targeting unsuspecting users by circulating a fake SMS message that claims to offer an app for vaccine registration.

Security researcher Lukas Stefanko who spotted the malware, explained on Twitter how it works.

Hackers first send users an SMS message which says “REGISTER FOR COVID VACCINE from age 18+” and asks users to register with the ‘COVID-19’ app. Once the user downloads the app with the link provided in the message, it requests permission to access all the contacts and messages. The malware then uses the contacts fetched from the device to spread to other devices via text messages.

Stefanko added that the app was updated with a light mode and the name was changed to ‘Vaccine Register’. As of yet, the penetration has been limited to Android users.

Also Read:Delhi govt. opens 301 vaccination sites in 76 schools for 18-44 age group

Cybersecurity firm, Cyble, also acknowledged the malware and noted that the fake COVID-19 vaccine registration app collects sensitive information from the user’s device. The firm also listed activities performed by malware on the device. It includes using the device for unauthorised activities, exposing personal data from the device and mobile accounts, and unauthorised deletion of data from the mobile device or services.

Additionally, the malware can also use billing plan by automatically sending messages without their knowledge.

“We found from twitter with many abandoned repositories that contains the list of similar apps under different names and functionalities but replicates the same permissions and entry points,” Cyble explained in a blog post. “These apps seem to have been developed by the same developer.”

The firm urged users to keep their antivirus updated to detect and prevent malware infections. It also suggested the use of strong passwords and two-factor authentication during logins.

Besides, users must verify the permissions requested by the app before granting access.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.