Aarogya Setu app, Indian’s contact tracing app for Covid-19 has become the latest government-backed app to be threatened by cybercriminals who have developed clones to steal data from users.
According to Sonic Wall Labs, a California based cybersecurity firm, there has seen several cloned malware apps masquerading as the legitimate Aarogya Setu app that maliciously infects user’s smartphones.
The cloned apps were designed to install a monitoring malware on infected smartphones and to pilfer sensitive data, including banking and login details. With the legitimate Aarogya Setu having recorded about 10 million downloads since its launch in April, the clones are most likely to hit about two hundred thousand downloads.
How Does Aarogya Setu Contact Tracing App Clone Apps Work?
The Regional Sales VP – Sonic Wall Labs, Asia Pacific, Debashish Mukherjee in a statement said that the malware once downloaded on smartphones can record audio, send SMS, and make calls. Also, without granted permission . the malware app can be launched each time the infected device is rebooted.
He continued by saying “the method of installing Aarogya Setu app running in the background remains common but threat actors exploit this method to deceive victims into thinking they are using the legitimate application while using the malicious app to execute functions in the background.”
The researchers explained that the attack on the contact tracing app is not peculiar to India alone, after identifying about 12 COVID-19 contact tracing apps around the world with cloned contact tracing app. For instance, countries like Brazil, Indonesia, Iran, Russia and a host of others as contained in a release.
How To Identify A Real Contact Tracing App
- The fake app armed with Aarogya Setu icon which on a closer evaluation appears stretched to deceive users into believing they are downloading the legitimate app.
- The security research firm says that “Most fake apps have poorly written reviews and comments which is one of the signs that you are on the wrong app.”
- Downloads from unofficial sources should delete while running an antivirus scan to detect any hidden infections on your device. If you cannot delete the app after installation, perform a factory reset on your device to get rid of the threat.
Hope you find this helpful?