Malicious Android Apps Exploit Coronavirus Panic

Cybersecurity Institutions found nearly a dozen Android apps that claimed to monitor the COVID-19 outbreak, but in fact were used to infect user’s devices with malware.

In late March, there were 11 Android applications that were created to trick users into thinking they can be used to track the spread of COVID-19, but instead were simply downloading malicious content to all of the victim’s devices.

These applications were created after Covid-19 had already begun to spread globally, more particularly in Europe. The app’s user interface made it clear that they were initially targeting Italy, which had the most confirmed cases of Covid-19 in Europe. However, even though it is clear these malicious apps were targeting that specific region, they were also found to be installed on many devices in North America and throughout Europe. It’s amazing how fast these threats can travel.

Application Repacks

All 11 of the malicious apps that had been discovered were actually just repacked malicious versions of a very legitimate app called SM-COVID-19, which can be used to monitor the spread and transmission patterns of the Coronavirus pandemic. The repacked apps kept most of the user interface and features of SM-COVID-19, such as collecting location and device data which aided in monitoring COVID-19. However, it was uncovered that the malicious repacks were injected with Metasploit. This allows for a reverse TCP connection and enables various (and likely ill-willed) commands to be executed. The cybercriminals responsible can retrieve all of the victim’s file information, contacts, text messages, and can even monitor what is being currently displayed on the device.

The malware applications also included a malicious module that could download what we call a “payload” from the cybercriminals’ servers. This functionally means that it would be possible for the attacker to perform the same attack on all of their victims at the exact same time. It also means they have to potential to exhibit a DDoS (distributed denial of service) attack by using all of said user’s infected devices.

This goes to show that even in times of great global crisis, these cybercriminals will try to take advantage of any circumstance in an attempt to infect and take advantage of victims with malware. Here are a few simple steps that users can take to help protect themselves in times like these.


Simple Mitigation Habits

  • Install a trusted security suite to protect your device and data.
  • Always use official app stores to download and install all of your applications.
  • When in times of crisis, it’s important to understand someone will always try to take advantage of the situation. Stay vigilant and apprehensive in both the cyberworld, and the real world.
  • Wait for trusted reviews when something new releases, you never know what an application’s true intent is.