PremiumThe fake oximeter app takes permission to access various features on the mobile. If permission is granted, then the cybercriminals could steal sensitive data such as OTP, saved passwords, card details, photos, contacts, and even the biometric information
The Tamil Nadu state police has warned people not to download/install fake oximeter mobile applications from any links they may have received over email, SMS or social media. According to them, cybercriminals are employing such means to steal personal data and passwords, which can be misused in stealing cash from bank accounts and blackmailing.
The Tamil Nadu police said that people's apprehension was getting exploited during the Covid pandemic by the cybercriminals who are targeting the users with malicious links and applications that could steal personal information or biometric data like fingerprints.
The police said the fake oximeter app claims to detect blood-oxygen levels. If a user downloads the app, it then asks to test oxygen level using fingerprint sensors. The fake oximeter app also takes permission to access various features on the mobile. If permission is granted, then the cybercriminals could steal sensitive data such as OTP, saved passwords, card details, photos, contacts, and even the biometric information that could be used to access banking and other sensitive applications on the phone, the Tamil Nadu police said in a statement.
"These apps claim to measure blood oxygen level by placing the finger on the camera and illuminating the finger using torchlight. During this process, the malicious apps could capture your fingerprint," the police said.
The police warned that fraudsters could use the fingerprint data to replicate the thumb impression and authenticate Aadhaar Enabled Payment System (AEPS) transactions from the app user's account.
Several states, including Maharashtra, Punjab, and Gujarat warned people about such fraud apps during the second coronavirus wave.
"This is not present in smartphones. Hence, users should be cautious of apps promising to measure blood oxygen levels using fingerprint sensors," the warning posted on the Tamil Nadu police Facebook page said and appealed to the citizens to install applications from trusted sources.
However, if the biometric information is compromised, one should disable biometric authentication for AEPS transactions by visiting www.uidai.gov.in. The victims could file a complaint on www.cybercrime.gov.in.
Never miss a story! Stay connected and informed with Mint. Download our App Now!!