Mobile Malware Spreading Through COVID-19 Test SMS

mobile malware fake covid-19 sms

Cybercriminals are not letting go of the Covid-19 anxiety that is still gripping the world and are doing their best to abuse it. A brand new mobile scam that spreads malware has joined the dozens of Covid-themed viruses and strains of malware and ransomware that have been making the rounds for more than six months now. The newest threat is distributed through a fake text message sent to your mobile phone.

Scammers Use Fake Health Institution Website

The fake SMS contains a single line of text that reads as follows:

"Take this Covid19 self-assessment test http://[malicious url]"

The bad url directs to a website that attempts to mimic the layout and look of the websites of the Spanish Ministry of Health and the Carlos III Health Institute - a Spanish public health research institution. Once the victim lands on the fake website, they are encouraged to click a link that will allegedly start the self-assessment test but in reality, it directs to and downloads the malware's payload.

The entity that sends the fake SMS shows up to victims as just "COVID-19" with no extra identification. The website that contains the payload also has no security certificate, which should not be the case for a public health website that handles people's personal information. The website does contain a copy of the official institution logos in an attempt to appear legitimate. The fake page also contains active links to real pages on the Carlos III Institute and the Ministry of Health websites, to try and lend itself some further credibility. However, the text on the page contains a lot of grammatical errors and typos, which should be a very obvious red flag to visitors.

Malware Contained in an .APK File

The payload itself is contained in a file called "Covid19.apk" which will immediately summon the Android app installed when downloaded and will infect the device. Thankfully, simply visiting the site and not hitting the button that downloads and deploys the payload will not cause any damage to your phone or tablet.
Unsolicited text messages, especially ones that attempt to scare the user into clicking or tapping on any links are best avoided to prevent any possible damage to the device.

September 4, 2020

Leave a Reply