A health worker prepares a jab of the Covishield vaccine against the Covid-19 coronavirus at a shelter home in New Delhi (Photo by Money SHARMA / AFP)

A health worker prepares a jab of the Covishield vaccine against the Covid-19 coronavirus at a shelter home in New Delhi (Photo by Money SHARMA / AFP)

Hackers are now making fake vaccine apps to target unsuspecting smartphone owners

Vaccine apps – you thought these were only released by reputable government authorities, but apparently not: hackers are exploiting high vaccine demands to unleash a host of cyber threats to unsuspecting mobile phone owners.

While the Covid-19 pandemic has affected businesses around the world, cybercriminals seem to be enjoying some success. Cybercrimes continue to increase, causing more problems to organizations, especially those with remote working employees.

Today, cyber threat perpetrators abuse a host of techniques to infiltrate organizations, employees, individuals. From mobile to smart devices, cybercriminals are increasingly targeting personal devices at home, unleashing stronger threats. Securing IoT devices and mobile devices thus becomes ever more important now.

According to McAfee Advanced Threats Research’s Mobile Threat Report 2021, hackers are now using fake apps, malware such as trojans, bogus social media invitations, and fraudulent messages to target unsuspecting consumers.

Vaccine apps – too good to be true?

As the world’s largest vaccination drive continues, the demand for vaccines naturally increases. This is especially true for communities or populations with high densities and low vaccination opportunities.

“The pandemic has changed the way consumers live, meaning hackers have adapted to switch up the various methods they use to target consumers. With more people connected online than ever before, we want to make sure we are doing everything possible to help refocus consumer’s digital mindsets to protect what matters to them and their friends and family – their personal data,” said Judith Bitterli, Senior Vice President, Consumer Business Group at McAfee.

A man holds his cell phone to show his verification code to register to receive a dose of the Sinopharm vaccine in the Punjab province of Pakistan(Photo by Aamir QURESHI / AFP)

Hackers are now hiding malware and malicious links inside fake covid-19 vaccination appointments and registration display ads. When victims click on these links and ads, they end up having malware downloaded onto their devices. The malware may activate accessibility features to give the hackers full device control, which can allow them to steal banking details and credentials.

According to the report, over 90% of all pandemic-related malware came in the form of trojans. There has also been an increase in the number of fake apps offering Covid-19 vaccines, with over 700,000 downloads of them occurring in Southeast Asia and the Middle East.

In India, McAfee researchers found evidence of an SMS worm targeting Indian consumers. This formed one of the earliest vaccine fraud campaigns, where both SMS and Whatsapp messages encouraged users to download a vaccine app. Once downloaded, the malware in the app will continue to display unwanted and fraudulent ads to users and send itself to everyone in the victim’s contact list.

In Malaysia, the police cautioned the public of Covid-19 vaccine sales that are being advertised on social media sites, claiming that such ads are scams. In Malaysia, Covid-19 vaccines are provided to residents for free and are strictly regulated by the Malaysian Ministry of Health (KKM). They are not available for personal or private sale to individuals.

“We’ve seen how the pandemic has… prompted bad actors into developing new ways of tricking consumers and stealing their data. As well as these advanced forms of malware and deceit, we’ve seen that hackers are also returning to billing scams but using new tricks. As consumers continue to carry out daily activities on the go, they must stay educated and proactive about protecting their personal data,” said Raj Samani, McAfee Fellow, and Chief Scientist.

Protecting our devices means protecting ourselves

Cybercriminals are masterminds at finding new methods to trick users. Cybersecurity awareness among consumers, remote working employees, and businesses are still very low in Southeast Asia, but there are steps businesses and users can take to better protect their devices.

Organizations should ensure that their employees’ devices have endpoint security. If their employee’s device is hacked, not only will their contacts be compromised, but so will possibly sensitive company data.

Companies should have a holistic understanding of cybersecurity and make use of data insights that are available to them.

Mobile users also need to be vigilant and take precautions before clicking on ads or downloading apps, such as by doing a background check to verify their authenticity. If it’s an addition to a mobile application, check the status of the app in its respective app store (Google Play or Apple Store).

Good places to look at are the review sections of apps, as well as the names of the app developers. Some of these apps may have been flagged by other users as well.

When using your mobile device, be aware of which apps are granted permission to access your contacts, social media, and even your camera. Most users tend to allow apps full access to their devices’ functions whenever they’re prompted. Be especially wary of changes you did not make to your IDs or even other apps on your device.

Lastly, always keep your mobile devices and applications updated. Most updates are bug fixes, but they may sometimes also be critical security patches.