Android surveillanceware operators jump on the coronavirus fear bandwagon

Enlarge (credit: ShellyS / Flickr)

Researchers have uncovered a mobile surveillance campaign that has used more than 30 malicious Android apps to spy on targets over the past 11 months. Two of the most recent samples are exploiting the coronavirus by hiding off-the-shelf surveillanceware inside apps that promise to provide information about the ongoing pandemic.

One of the apps, "corona live 1.1," is a trojanized version of "corona live," a legitimate app that provides an interface to data found on this tracker from Johns Hopkins University. Buried inside the spoofed app is a sample of SpyMax, a commercially available piece of surveillanceware that gives attackers real-time control of infected devices. A second app used in the same campaign is called "Crona." The campaign, which has been active since April 2019 at the latest, was discovered by researchers from mobile-security provider Lookout.

"This surveillance campaign highlights how in times of crisis, our innate need to seek out information can be used against us for malicious ends," Lookout researcher Kristin Del Rosso wrote in a post published on Wednesday. "Furthermore, the commercialization of off-the-shelf' spyware kits makes it fairly easy for these malicious actors to spin up these bespoke campaigns almost as quickly as a crisis like COVID-19 takes hold."

Read 8 remaining paragraphs | Comments