Coronavirus Scam Uses a Fake COVID-19 Map Pushing an App That Lets Cybercrooks Spy on You Through Your Phone

fake covid 19 map app spying

We are currently living through a pandemic. Coronavirus is spreading rapidly and has become a global issue. People are scared, and the news is only adding to that fear. Every time you turn on a TV, open a site, or any social media – you discover Coronavirus is the most-discussed topic. Everyone is talking about Coronavirus or the strain that we're now dealing with – COVID-19. No matter how much information people get, there's always a want for more. Cybercriminals exploit people's need for Coronavirus data for their gain.

In this time of crisis, people turn to experts and the advice they give. To combat the spread, they advise people to take a few precautionary steps – keep hygiene levels high, avoid contact with others and crowds, work from home if you can. These guidelines help to cut down the rapid spread of the dreadful Coronavirus. But staying home and social distancing means spending more time online – reaching out to friends and family, working, distracting yourself, and, above all, keeping up with the latest Coronavirus news.

Coronavirus proves to be among the most prominent search trends in Google history. Americans awed as they shared tweets and charts depicting the enormous interest around the topic in comparison to other highly-searched phrases.

The tweet with the attached chart. Source:

tweet popular chart coronavirus
The chart, which displays the surge of Coronavirus searches. Source:

Coronavirus-related information is what people crave most, and cybercriminals know that.

Cybercrooks make expert use of the Internet and people's Coronavirus fears

The Internet is a plentiful source of information, and right now, Coronavirus dominates the web. In only three months, there have been over a thousand domains registered that relate to Coronavirus and COVID-19. The registrations have been on a steady incline since January 2020, and as you can see on the chart below, they have blown up in March.

covid 19 coronavirus domains registered
A depiction of the increase of domains related to Coronavirus and COVID-19 registered since January. Source:

Not all of these domains are registered for malicious purposes by malicious individuals. Some are, and their only objective is to fool you into acting against your best interest.

Once a cybercriminal registers such a domain, they use it to give credence to their scams. 'We have a website, and that must mean we're legitimate and reliable, right?' Wrong! Always be on your guard, and don't disregard vigilance. These sites impersonate real legitimate ones, as well as host phishing pages and further the spread of misinformation. They always have a tell – something off with the logo, a spelling mistake, et cetera. Even if you don't find one at first glance, inspect further!

An impostor map pushing a sham app

The latest Coronavirus-related bogus website is one that appears to display the spread of Coronavirus – deaths, infections, everything related to the topic. And, all of it sorted by country and city. Unfortunately, the site is unreliable as it impersonates the real one that does all of the things listed above. This website, like many other malicious ones, spoofs a legitimate map offered by Johns Hopkins, which provides trustworthy information. You can find the actual reliable map on this website: And, you can see a depiction of it below.

johns hopkins covid 19 map
The legitimate Johns Hopkins Coronavirus-related map impersonated for the scam. Source:

The website with the impostor map pushes an Android application on unsuspecting victims that land on it. An app that, supposedly, tracks Coronavirus, as well – its spreading, victims, deaths, all of it. Of course, it does no such thing, but people naïve enough to believe these bogus claims, only end up suffering for it.

How do the cybercrooks manage to spy on you?

Here's how the latest Coronavirus scam unfolds. You receive a text on your phone that contains a link. That link promises to take you to a Coronavirus tracking map to help you keep up with the latest news on the COVID-19 threat. Plus, it also offers an application that allows you to do the same, but on your phone! If you download the Android app from the site, you're opening your phone to snoops.

The cybercriminals, behind the malicious app, will steal access to your phone's microphone and camera and will be able to spy on your every move. They'll know what you're saying and doing at all times. Security experts suspect that their objective is extortion. The malicious individuals collect data by spying on you, and then they can extort you if they choose. Or, they can use it to sell on the dark web. Or, if they manage to collect enough personal and financial information from you, they can steal your identity.

Note the red flags!

The app is NOT on Google Play, which should be your first red flag. Do NOT download anything that you don't find on a verified source. Your caution will save you a ton of issues.

If you don't catch on the red flag and do get the app, you'll receive a customized version of SpyMax. SpyMax is commercial spyware that anyone can get for free as long as they have an Internet connection.

What's alarming is that this malicious software has gotten linked to at least thirty more rogue Android apps. All of which use the same command and control infrastructure of a grander surveillance campaign that's been active since April 2019.
Security researchers believe that the hackers behind the scheme operate in Libya. So far, it's unconfirmed, but it should get noted that one of the thirty apps mentioned above offers services that allow a user to search for the customer name of a Libyan mobile number.

When it comes to such malicious apps, the pattern of infiltration remains the same. Cybercriminals spread them via links, delivered in SMS messages. Follow the link, and you land on a website that offers an application available for download. Do NOT download apps from unverified sites! Don't give in to fear and panic, but remain vigilant. We live in a time when cybercrooks thrive on people's panic. Don't let them profit off of you.

March 25, 2020

Leave a Reply