With the following tips and techniques, we can stand united against the heinous hackers who are milking pandemic fears gleefully.
Skilled threat actors are exploiting peoples’ concerns about the novel coronavirus to spread mobile malware, including Mobile Remote Access Trojans (MRATs), banker trojans, and premium dialers, via apps that claim to offer coronavirus-related information and help for users.
Check Point’s researchers have so far discovered 16 different malicious apps, all masquerading as legitimate coronavirus apps, that contain a range of malware aimed at stealing users’ sensitive information or generating fraudulent revenues from premium-rate services.
It is important to note that none of the malicious apps mentioned was available on an official app store. They were offered from new coronavirus-related domains, which researchers believe had been created specifically with the aim of deceiving users.
As reported recently, more than 30,103 new coronavirus-related domains were registered in the past weeks, of which 0.4% (131) were malicious and 9% (2,777) were suspicious and under investigation. Over 51,000 of coronavirus-related domains in total have been registered since January 2020.
How to protect yourself?
It is important that users only download apps from legitimate app stores such as Google Play and Apple’s AppStore.
If you suspect you may have one of these infected apps on your device, here is what you should do:
- Uninstall the infected application from the device.
- Check that your device has the latest security patches for the operation system and applications.
- For your personal device, we recommend using a mobile-specific security solution to check that all the apps on your phone are legitimate and not malicious.
- Do not connect to public wi-fi networks (especially for activities that involve sensitive data).
- Enable ‘remote lock’ and data wipe features for mobile devices (if available).
- Avoid answering unsolicited calls, or even block them.
- Make sure you only use websites secured with SSL.
- Download applications only from the official app stores. Even then, ensure that you watch for suspicious activity from official apps because app stores have been known to falter.
The frightening thing is the speed and ease with which hackers are creating and improving these device takeover apps. Observe the tips above, and always adopt a zero-trust attitude when encountering weblinks and login requests.