Spyware Masquerading As Coronavirus App Can Access Your Android Camera And Microphone
The spread of coronavirus worldwide has given threat actors ample opportunity to spread viruses in the cyber-world as well. Banking on the fears and everyone's efforts to stay updated with accurate information on the situation, hackers have begun spreading many different kinds of malware through all sorts of coronavirus related apps and pages.
One of the latest finds of security researchers from Lookout is an Android app that masquerades as a coronavirus tracker. The app is said to be distributed through links in text messages that are sent out directly to Android devices. The bogus COVID-19 tracker is not available for download from the Google Play store, limiting its reach.
This particular attack also seems to be part of a more extensive campaign located in Libya, that has been targeting Libyan individuals since at least April 2019. Researchers have stated that there have been over 30 malicious Android apps used in this 11-month long campaign, with two of the most recently detected samples exploiting the coronavirus pandemic.
One of the applications, titled "corona live 1.1", is the apparent coronavirus tracker, that informs users that it doesn't require special access privileges once it is first launched. As you begin to use the app, however, it requests access to device location, media, files, photos, and permissions to use the camera and microphone of the Android device.
The corona live 1.1 app is actually a SpyMax sample, disguised as a legitimate tool, providing an interface to the data displayed by the Johns Hopkins coronavirus tracker, while simultaneously collecting user data in the background.
SpyMax is an off-the-shelf "surveillanceware" product that can be easily acquired online for free. It appears to be developed by the creators of SpyNote, another low-budget Android spyware tool.
SpyMax gives the threat actors access to a variety of sensitive data on a victim's phone, including incoming and outgoing messages, and the ability to activate and use the cameras and microphone remotely.
Needless to say, using any connected devices in this time of global panic should be accompanied by that extra bit of caution, especially considering all the work-related changes that have increased everyone's dependability on online communication.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.