Another day in coronavirus world, another COVID-19 scam. This time it’s an Android app that promises to help you buy a safety mask. But cybersecurity researchers are warning that it scans all your contacts and then forwards text messages to them, trying to convince them to download the app too.
It’s the first example of an Android worm that uses coronavirus and the associated anxiety as bait. And it starts with a text, one that reads: “Get safety from corona virus by using Face mask, click on this link download the app and order your own face mask – hxxp://coronasafetymask.tk.”
Clicking on the link takes the user to a web portal where they’re asked to download the app. Downloading won’t just help the worm spread, it’ll cost you whatever your carrier charges you for a text. The more contacts you have, the higher the potential bill, especially if your friends live abroad.
The app may do more than nab all your contacts and message them, warned Shivang Desai, a researcher with American security firm Zscaler, who found the rogue app. “There’s the threat that the malware could ask the victim to pay online for the mask and steal the credit card information, but we did not find any such functionality in the app,” he wrote in a blog post on Thursday. “We believe the app is in its early stages and this (and other) functionalities will be added as the app is updated.”
The news comes just after coronavirus-themed apps were seen targeting Android, one designed to spy on users through their webcam and microphone, the other demanding a ransom after infection.
A task force for American victims
Meanwhile, the first American task force for dealing with coronavirus scammers was announced late Thursday in Pennsylvania. It will combine prosecutors and investigators from across federal and state police agencies to find and punish COVID-19 scammers.
The announcement was made by U.S. attorney Scott Brady and attorney general Josh Shapiro. It came a day after Brady told Forbes that the Justice Department was preparing for an unprecedented wave of coronavirus-themed fraud. “Bad guys should know we are open for business. We will find you and we will stop you.”
Forbes has been keeping a running list of coronavirus-themed online threats out there, which you can find here.