Not all COVID-19 information Apps are safe. Fake Apps carry malware, warns Google Play

Under the lockdown situation in India and other countries, where a common man is cut off from the outside world, digital means are the best way to source information on COVID-19. And it is quite natural for any tech-savvy person to download an App that could constantly update on information related to COVID-19. But this need has created an open door for malicious Apps to make entry into the App Store of both Google and Apple.

It is believed that both legit and malicious Android and Apple App developers have started capitalizing on the coronavirus outbreak to rank in the play store with COVID-19 as a keyword. Using COVID-19 as a keyword, globally, several App developers have used this outbreak situation to make fake COVID-19 tracking maps that are capable of distributing malware and phishing scams. Cybersecurity experts from around the world have observed several Trojan campaigns tricking people into downloading fake COVID-19 Apps. There is also a dangerous ransomware software circulated in the pretext of an Android COVID-19 tracker App that supposedly allows users to keep an eye on the spread of the virus, but locks victims’ phone and demands money to unlock it.

Observing these malicious activities, Google and Apple have promptly taken action on fake mischievous apps to fight fake coronavirus-related misinformation on their App stores.

In response to this, Apple’s developer community has said, “The App Store should always be a safe and trusted place for users to download apps. Now more than ever that commitment takes on special significance as the world fights the COVID-19 pandemic. Communities around the world are depending on apps to be credible news sources — helping users understand the latest health innovations, find out where they can get help if needed or provide assistance to their neighbors. To help fulfill these expectations, we're evaluating apps critically to ensure data sources are reputable and that developers presenting these apps are from recognized entities such as government organizations, health-focused NGOs, companies deeply credentialed in health issues, and medical or educational institutions. Only developers from one of these recognized entities should submit an app related to COVID-19. Entertainment or game apps with COVID-19 as their theme will not be allowed.”

Google, on the other hand, has stopped showing results on search about coronavirus on its Play Store. If any user searches for these specified terms, the user would end up with a ‘no results found’ message. Google Play Store has now launched Coronavirus: Stay informed – A list of Authorized Apps that are genuine.

Cybersecurity firm TrendMicro notes that COVID-19 is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware, and malicious domains.  As the number of those afflicted continue to surge by thousands, campaigns that use the disease as a lure likewise increase. Trend Micro researchers are periodically sourcing for samples on COVID-19 related malicious campaigns.

TrendMicro's latest report  titled 'Developing Story: COVID-19 Used in Malicious Campaigns' reports 

"A new cyberattack has been found propagating a fake COVID-19 information app that is allegedly from the World Health Organization (WHO). Bleeping Computer reports that the campaign involves hacking routers’ Domain Name System (DNS) settings in D-Link or Linksys routers to prompt web browsers to display alerts from the said apps. Users reported that their web browsers automatically open without prompting, only to display a message requesting them to click on a button to download a “COVID-19 Inform App.” Clicking on the button will download and install the Oski info stealer on the device. This malware variant can steal browser cookies, browser history, browser payment information, saved login credentials, cryptocurrency wallets, and more."

India in an attempt to deliver authentic information is in the process of developing an App called Co-Win 20. NITI-Aayog is working on this App - CoWin-20 - that will help users check the spread of the coronavirus infection and help curb community transmission by tracking individuals by their smartphone locations. The app is currently in beta testing for both iOS and Android platforms. With CoWin-20, the Indian government aims to track the individuals’ personal travel history to determine if at all they are potentially at risk of the coronavirus. The application also helps figure how many people might have come in contact with those individuals, then quarantine people if need be. The highlight of the app is that it will track the community transmission of the coronavirus. Additionally, the App will have details and other information about the location of testing labs; quarantine centers in Indian cities; travel and government advisories and safety measures and precautions guided by the Government of India.

Recently, the Ministry of Health and My Gov India, a citizen engagement platform of Government of India, along with the Facebook-owned messaging app, WhatsApp, rolled out helpline number +919013151515 to ensure that citizens of India receive accurate and verified information on COVID-19.

It is also wise to follow updates on COVID-19 from trusted sources like the Indian Council of Medical Research (ICMR) or the World Health Organization (WHO). To make sure you get the best information on COVID-19, resources are available from the Ministry of Health & Family Welfares. The social handles of the Ministry are periodically updated for the benefit of the public to gather relevant and accurate information on COVID-19.

Thus, Stay-at-home. It is wise to stay safe online as well as offline.