Malicious ‘Vaccine Register’ app taking advantage of users, spreads via SMS
The app is evidently designed to take advantage of citizens that are desperate enough to install an app to get a vaccination appointment.
The third phase of vaccinations against the coronavirus pandemic in the country began last week, allowing citizens above the age of 18 to register to receive the vaccine. While many have registered, vaccines are currently in short supply and appointments in many cities are booked days in advance. Hackers have reportedly begun to take advantage of people by getting them to install malware via SMS.
Unlike some of the tools that have quickly been developed to help citizens register for the vaccine in the country, these malicious SMSes ask users to install an app on their smartphones. A new report states that the malware was spotted by security researcher Lukas Stefanko, who recently took to Twitter to explain how the malware works.
SMS worm impersonates Covid-19 vaccine free registration
Android SMS worm tries to spread via text messages as fake free registration for Covid-19 vaccine - targets India 🇮🇳
It can spread itself via SMS to victim contacts with link to download this malware. https://t.co/EXAAGARqOP pic.twitter.com/HX957bPVu5
— Lukas Stefanko (@LukasStefanko) April 29, 2021
The first step to infect a user’s device is the SMS, which says “REGISTER FOR COVID VACCINE” and specifies that it is for people above the age of 18. It asks users to register using the “COVID-19” app, linked through a short URL, which is actually an Android SMS worm, according to Stefanko. Once the victim clicks the link, the app is downloaded, and the user then installs it. The app then requests access to the user’s contacts and SMS, along with other telephony-related permissions. It then spreads to other users via the victim’s contact list.
In a worrying development, Stefanko later tweeted that the app had been updated, this time with a “light theme” and a new name, “Vaccine Register”. The new app name is much more likely to convince unwitting users to download the app and grant the requested permissions, and is clearly designed to take advantage of citizens that are desperate enough to install an app to get a vaccination appointment.
Android SMS Worm was updated an hour ago.
It received a light mode and app name was changed pic.twitter.com/ZPUmIVdxrm
— Lukas Stefanko (@LukasStefanko) April 29, 2021
While the researcher did not provide any information as to how to uninstall the malware, if the app has been installed, users can download the Malwarebytes app and run a system scan, and uninstall any malicious apps that are found. Users must also be careful about clicking any links that they receive from unknown sources and only rely on the CoWIN portal, Umang and Aarogya Setu, which are the only official methods to register for the vaccine offered by the government.
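The permission pattern described above (an app installed from a link that is granted contacts, SMS and telephony access) can also be checked across a device's app list. The following is an added example, not code from the report or the researcher: it assumes a hypothetical `package|installer|permissions` inventory export, and the package names and sample lines are constructed.

```python
from typing import NamedTuple, Optional

PLAY_STORE = "com.android.vending"  # Google Play's installer package name
P = "android.permission."
CONTACTS = P + "READ_CONTACTS"
SEND_SMS = P + "SEND_SMS"
TELEPHONY = {P + "READ_PHONE_STATE", P + "CALL_PHONE"}

class App(NamedTuple):
    package: str
    installer: Optional[str]  # None: no installer of record (sideloaded)
    granted: frozenset

def parse_inventory(text):
    """Parse the assumed 'package|installer|perm,perm' export, one app per line."""
    apps = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 3 or not parts[0]:
            raise ValueError(f"malformed inventory line: {line!r}")
        granted = frozenset(P + n.strip() for n in parts[2].split(",") if n.strip())
        apps.append(App(parts[0], None if parts[1] in ("", "-") else parts[1], granted))
    return apps

def assess(app):
    """Return (verdict, reasons); spreading needs contacts (targets) and SEND_SMS (delivery)."""
    can_spread = CONTACTS in app.granted and SEND_SMS in app.granted
    sideloaded = app.installer != PLAY_STORE
    checks = [(can_spread, "can read contacts and send SMS"),
              (bool(app.granted & TELEPHONY), "holds telephony permissions"),
              (sideloaded, "not installed from Google Play")]
    reasons = [msg for hit, msg in checks if hit]
    verdict = "high" if can_spread and sideloaded else "review" if can_spread else "ok"
    return verdict, reasons

# Constructed inventory; package names are placeholders, not real indicators.
SAMPLE = """\
com.example.vaccineregister|-|READ_CONTACTS,SEND_SMS,READ_SMS,READ_PHONE_STATE
com.example.messenger|com.android.vending|READ_CONTACTS,SEND_SMS,RECEIVE_SMS
com.example.flashlight|-|CAMERA
"""

def triage(text):
    return {app.package: assess(app)[0] for app in parse_inventory(text)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A store-installed messaging app with the same permissions lands in "review" rather than "high", since the combination alone is common among legitimate SMS clients.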