![]() ![]() During the coronavirus outbreak, it's important to protect yourself online just as it's important to protect your health. ConclusionĪs we mentioned in a previous post, attackers are going to take every opportunity to victimize users. It states: " Get safety from corona virus by using Face mask, click on this link download the app and order your own face mask - hxxp://coronasafetymask.tk"īy sending itself to a victim's contact list, this malicious app aims to spread itself over and over (which can result in hefty usage charges for victims). The screenshot below shows how the received SMS message appears. We allowed the app to dynamically run in a controlled environment. The screenshot below shows sendTextMessage, an Android function to send out SMS messages to all contacts. Once all the contacts are collected by the app, it sends SMS messages to all the contacts with a download link in an effort to spread itself to more users. If it has not, it collects all the victim's contacts, as shown in screenshot below :įig. The app checks whether it has already sent SMS messages or not. The app simply opens an online portal in the default browser.Īlong with all the above activities, an important functionality takes place behind the scenes. We believe the app is in its early stages and this (and other) functionalities will be added as the app is updated. There's the threat that the malware could ask the victim to pay online for the mask and steal the credit card information, but we did not find any such functionality in the app. ![]() If the app is installed, it asks the user to click a button that leads to an online portal responsible for selling masks online. The screenshot below shows this functionality: This is a huge red flag for the user to immediately discard the app. ![]() ![]() Once the user installs the app, it asks for permission to read contacts and send SMS messages. Another domain, hxxp://coronasafetymask.tk, asks users to install an APK to receive a "Corona Safety Mask." The app claims it can notify the user when anyone infected with coronavirus is nearby. ThreatLabZ researchers recently came across a domain named coronavirusappsite that was serving Android ransomware. Amidst the coronavirus/COVID-19 pandemic, attackers continue to seek ways to exploit the public's fears to victimize online users. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |