Highlights
- Malware researcher Lukas Stefanko first reported the new Android worm.
- The new malware imitates as Covid-19 vaccine free registration app and spreads via text messages with a link to download the malware.
- The malware accesses contact list, location tracking, and network information discovery details.
A new malware said to be targeting Android users in India impersonating the Covid-19 free vaccine registration app has been reported by security researchers. Like other malicious software, the new malware tricks users into tapping on a link and downloading the Covid-19 vaccination registration app that's reportedly fake. Dubbed SMS Worm, the new malware spreads via text messages and steals the contacts list from the victim's device.
Malware researcher Lukas Stefanko first reported the SMS Worm on Twitter, where he claimed that the new Android malware is targeting Indian users. He also shared some screenshots of how the malware spreads via a text message. Once users download the fake free vaccine registration app via the link provided in the message, the app appears on the phone as the Vaccine Register app, requests access to the contacts list, and permission to send and view text messages.
Cyble, an Australia-based risk intelligence firm, has further revealed how the SMS Worm malware operated. According to Cyble, the malware performs different activities on the victim's device, once downloaded, like enabling unauthorized access or restricting access to private accounts and services, using the device for unauthorized activities, exposing personal data from the user's mobile device and accounts, and unauthorized deletion of data from the mobile device or services.
While further investigating the source of the SMS Worm malware, the firm found that there are tons of abandoned repositories with similar-looking apps on the Internet and claims could have been developed by the same developer.
"New variants of SMS-worms for Android do not appear very often, and this particular variant is an interesting piece of malware and part of a unique attack. Besides tricking unsuspecting users into installing a worm and other software that they may not want, the worm can also use up their billing plan by automatically sending messages without their knowledge," Cyble says in a blog post.
India Today Tech has tried to reach out to the Cyble team for more details around the new SMS Worm malware, and we will update the story when we hear from them.
How to avoid getting tricked by similar malware that spreads via SMS
The best way to avoid getting duped by such malware is by avoiding downloading any apps or opening any websites via links sent by unverified sources.
If you have received a link via text message from where you can download an app, then avoid doing that. Download an app only from the official app store and Google Play store in Android's case. Another good practice is checking what permission is being asked by apps on your phone.
To protect your data from hackers, try to use an additional protection layer like two-factor authentication.