Several coronavirus-themed apps, often those offering disease-related information and help for users, have been found to be fraudulent, as they contain dangerous malware.
Researchers from Check Point, ZoneAlarm’s parent company, discovered 16 different malicious apps downloaded from coronavirus sites, all masquerading as legitimate coronavirus apps.
These apps were offered from new coronavirus-related domains, which we believe were created with the intent to deceive users. As Check Point recently reported, more than 30,103 new coronavirus-related domains have been registered, of which 0.4% (131) were confirmed to be malicious and 9% (2,777) are suspicious and have gone under investigation.
These malware include: Mobile Remote Access Trojans (MRATs), Banker Trojans, and Premium Dialers. These malware aimed to steal users’ sensitive information or funds from premium-rate services.
One example of these malware is Hiddad, which is short for “Hidden Ad”. This malware has been around for a while now and shows up in many different variants. This time, it decided to partake in the coronavirus celebration, disguised as a corona-Information app for Arab speakers, called ‘کرونا ویروس .apk’.
When executed, the Hiddad malware hides its icon so that it’s difficult to track and remove it.
It then goes on to distribute ads to the user’s screen, whether the user is using the app or not.
Hiddad malware application for Arab speakers.
Premium Dialer malware are malicious applications for mobile devices that subscribes the victim to premium services without his approval and without informing them.
MRAT stands for Mobile Remote Access Trojan. It is a type of mobile malware that allows threat actors complete control and monitoring of a mobile devices. An MRAT is usually installed on a device in order to steal data or to be used for surveillance.