INTELLIGENT BRANDS // Enterprise Security
Hackers push malicious, fake Coronavirus apps to take over Android
Check Point Research has identified
malicious applications, masquerading
as innocuous Coronavirus apps, that
are designed to take control of Android
devices. Once the malicious application is
installed, a hacker takes intrusive control of
the device via a remote shell, accessing a
person’s calls, SMS, calendar, files, contacts,
microphone and camera, in addition to write,
add and send privileges.
The malicious applications were not found
on Google Play Store, but were discovered
in new Coronavirus-related domains, which
researchers believe were created specifically
to deceive the masses by
leveraging the fear surrounding Coronavirus. Most
frightening is the speed and ease with which
these device takeover apps can be created,
and who can create them.
Check Point researchers traced the origins of
the malicious applications. The applications
were crafted via Metasploit, a free
penetration-testing framework that makes
hacking simple. Using Metasploit, anyone
with basic computer knowledge can craft
the same malicious applications in just 15
minutes. It’s as simple as: point Metasploit
at your target, pick an exploit, choose a
payload to drop and hit Enter. In this case,
the Metasploit-crafted apps were targeting
everyday people searching for
Coronavirus-related content.
Check Point researchers were able to find
three samples, created by Metasploit
Framework, carrying the innocent name –
‘coronavirus.apk’. This app can be easily
delivered and installed on large numbers of
devices and can execute device takeover.
Once executed on the Android device, the
app starts a service that hides its icon in
order to make the app harder to remove. It
then connects to a command and control
(C&C) server whose address is stored in an
array in the malware’s code.
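As an added example (not from Check Point or the original article), the triage check below maps the permissions in a decoded AndroidManifest.xml to the capabilities listed above (calls, SMS, calendar, files, contacts, microphone, camera) and flags an app that requests most of them together with network access. The sample manifest, the threshold of five and the function names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability groups named in the article, mapped to standard Android permissions.
CAPABILITIES = {
    "calls": {"READ_CALL_LOG", "WRITE_CALL_LOG", "CALL_PHONE"},
    "sms": {"READ_SMS", "SEND_SMS", "RECEIVE_SMS"},
    "calendar": {"READ_CALENDAR", "WRITE_CALENDAR"},
    "files": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "microphone": {"RECORD_AUDIO"},
    "camera": {"CAMERA"},
}

# Constructed sample: a decoded (plain-text) manifest, not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the short names of all <uses-permission> entries."""
    # For manifests from untrusted APKs, a hardened XML parser is preferable.
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
            for el in root.iter("uses-permission")}

def capability_report(manifest_xml, threshold=5):
    """List the article's capability groups an app requests and flag broad access."""
    perms = requested_permissions(manifest_xml)
    hit = sorted(cap for cap, needed in CAPABILITIES.items() if perms & needed)
    network = "INTERNET" in perms
    # Flag only when many sensitive groups are combined with network access.
    return {"capabilities": hit, "network": network,
            "flag": len(hit) >= threshold and network}

if __name__ == "__main__":
    print(capability_report(SAMPLE_MANIFEST))
```

A flag here is a triage signal for closer inspection, not a verdict: the manifest only declares what an app may request, and some legitimate apps also request several of these groups.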
“We’re living in very difficult times. Not only
is there a physical threat from Coronavirus,
but also a substantial cyberthreat,” said
Aviran Hazum, Manager of Mobile Research
at Check Point. “Hackers are feasting on
concerns around Coronavirus by creating
malicious applications that have names
and icons suggesting they’re harmlessly
related to Coronavirus, but truth is they
are traps. In this case, what’s alarming is
the speed and simplicity in crafting these
disguised Coronavirus apps. I caution
everyone to triple-check the domains they
click on these days.”
Recently, Check Point reported that more than
30,103 new Coronavirus-related domains
were registered in the past few weeks, of
which 0.4% (131) were malicious and
9% (2,777) were suspicious and under
investigation. This means over 51,000
Coronavirus-related domains in total have
been registered since January 2020.
All in all, Check Point’s researchers
discovered 16 different malicious apps,
all masquerading as legitimate Coronavirus
apps, which contained a range of malware
aimed at stealing users’ sensitive
information or generating fraudulent
revenues from premium-rate services.
Three of the 16 were Metasploit-crafted
applications.
INTELLIGENTCIO
www.intelligentcio.com