Malware researcher Lukas Stefanko first brought the issue to light on Twitter and it was also confirmed by cyber risk assessment firm Cyble.

Binary digitsImage for representation
Atom Malware Wednesday, May 05, 2021 - 14:59

Security researchers have reported that a new SMS malware is targeting Android users in India, who are looking for COVID-19 vaccine registration. The new malware impersonates the free vaccine registration app and tricks users into downloading a link that is reportedly fake. 

The SMS worm spreads via text messages and can gain unauthorised access to private accounts, expose personal data and delete data without the user’s permission. 

Malware researcher Lukas Stefanko first brought the issue to light on Twitter along with the Malware Hunter Team. He also shared a few screenshots depicting how the malware spreads via a text message.

The fake free vaccine registration app is provided as a link in the message. Once users click on it, the app gets downloaded and appears on the phone as the Vaccine Register app. It then asks the user for access to the contacts list, and permission to send and view text messages.

Australian cyber risk assessment firm Cyble also confirmed the same. It said that the variant of this malware is known as ‘SMS Worm’. “Once the unsuspecting users clicks the link, it downloads the worm’s executable code into the victim’s mobile phone, thereby infecting their devices. In addition, it automatically sends a copy of itself to every contact listed in the mobile phone’s contacts list,” Cyble said in a blog post.   

While trying to trace the source of the fake app, Cyble claims that it found several abandoned repositories on Twitter with similar-looking apps but with different names. 

"New variants of SMS-worms for Android do not appear very often, and this particular variant is an interesting piece of malware and part of a unique attack. Besides tricking unsuspecting users into installing a worm and other software that they may not want, the worm can also use up their billing plan by automatically sending messages without their knowledge," Cyble added. 

Cyble findings further reveal that this malware is currently targeting Android users only, and there is no evidence to suggest that a similar malware is targeting iOS users as well. 

Here are a few tips to stay safe: 

> Avoid downloading any apps or clicking on links sent by unverified sources.

> Keep your antivirus software updated to detect and prevent malware infections. 

> Before granting access to any app, verify the privileges and permissions requested by the app.

> Enable two-factor authentication during logins and use strong passwords.

> Keep your system and applications updated.

Become a TNM Member for just Rs 999!
You can also support us with a one-time payment.