Hackers have made COVID-19-themed malware that can spy on your Android through your camera.
Avishek Das/SOPA Images/LightRocket via Getty Images
Watch out for any links texted to your Android phone promising an app to track coronavirus. Downloading the application will let snoops, suspected to be operating in Lybia, watch you through your smartphone camera, listen to you through your microphone or pilfer all your text messages.
The find by researchers at cybersecurity company Lookout is the latest in an avalanche of digital threats piggybacking on the coronavirus pandemic. It’s unclear how this latest strain of malware is propagating (it’s not on Google Play, for instance), but it’s disguised itself as a version of the legitimate “corona live” application, which provides data from the Johns Hopkins coronavirus tracker of infection rates and deaths.
Underneath the disguise, though, is a customized version of SpyMax, commercial spyware that can be acquired online by anyone with an internet connection for free. In this case, Lookout researcher Kristin Del Rosso has associated the malware with another 30 rogue Android applications that use the same command and control infrastructure of a larger surveillance campaign that’s been active since at least April 2019. Amongst those other 30 apps were fake tools claiming to be media players and, intriguingly, a tool that let a user search for the customer name of a Libyan mobile number.
Lookout researchers have no evidence the perpetrators of this Android malware are backed by a nation-state, but noted “the use of these commercial surveillanceware families has been observed in the past as part of the tooling used by nation-states in the Middle East.”
Del Rosso told Forbes that amongst all the current COVID-19-themed threats facing smartphones, “on the mobile front, this appears to be the most privacy-invasive malware I’ve seen yet.” It works on all Android phones from Gingerbread (2.3.3) up to current devices.
As for where to look out for this kind of threat, Del Rosso added: “Typically, malware like this is spread via links in SMS or from a watering hole website the actor sets up, where the application is available for download.”
Previously, ransomware copied the COVID-19-tracking app and demanded Android users pay up to unlock their phone.
Forbes has been keeping an eye on all the coronavirus-themed online threats out there, which you can find here.