McAfee report: Surge in mobile malware using fake Covid-19 vaccination programmes

PHOTO: Pexels

While it’s not unusual to come across phone malware, the recent McAfee Mobile Threat Report 2021 is concerning, to say the least. Cyber attackers are always finding new ways to infect phones with malware, and the latest efforts are a little too creative to our liking.

Recent attackers are leveraging our increased reliance on smartphones ever since the pandemic reared its ugly head. Specifically, mobile malware saw a surge in targeting national vaccination programmes.

Fake calls for vaccination leading to malware

According to McAfee’s Covid-19 Dashboard, more than 90 per cent of vaccination-related cyber attacks come with Trojan-based malware. Unfortunately, the rest of the attack is as cliché as it gets.

An example closer to home would be India, where malicious SMS and WhatsApp messages encouraged users to download fake apps for vaccine registration. McAfee found that the malware used for these attacks are from the same malware family involved in India’s TikTok ban.

The malware propagates itself via other infected phones - it activates accessibility features for full device control and forwards itself to other users on its contact list. Infected users would be served unwanted, fraudulent ads. More crucial is tricking the user into thinking that they are registered for an appointed vaccine , which can have dreadful or lethal consequences.

Other attack methods seen in India include a fake oximeter app that claims to measure blood oxygen levels (one way to check for the onset of “silent pneumonia”, a possible consequence of asymptomatic Covid-19 infection). The app, however, is just an Android-based Trojan called Anubis.

Similar vaccine-related attacks were also seen in Chile, where their version of a malicious app used their Ministry of Health’s logo to trick users into downloading malicious software.

These attacks in different countries led McAfee to believe that attackers are willing to customise their attacks based on each country’s national vaccination programme. McAfee added that vaccine-related cyber attacks are likely to continue as they draw in large populations with relatively little effort.

Singapore’s stance on mobile malware awareness and safety

According to McAfee’s research, 52 per cent of Singaporean users do not have mobile security software for sensitive data on phones. 62 per cent said that they do not feel secure about their mobile security, and only 32 per cent are aware of the information they store on their phones. These studies were conducted via surveying of more than 1,000 Singaporeans aged between 18 to 75.

These numbers leave Singaporeans relatively vulnerable to mobile threats that capitalise on the pandemic, said McAfee.

“We’ve seen how the pandemic not only led to an increased dependence on mobile devices, but how it has prompted bad actors into developing new ways of tricking consumers and stealing their personal data.

''As well as these advanced forms of malware and deceit, we’ve seen that hackers are also returning to billing scams, but using new tricks,” said Raj Samani, McAfee Fellow and Chief Scientist. “As consumers continue to carry out daily activities on the go, it is critical that they stay educated and proactive about protecting their personal data.”

Fortunately, we see effort towards safeguarding the local populace against multi-pronged cyber threats - like the most recent launch of the Better Cyber Safe than Sorry national cybersecurity awareness campaign by the Cyber Security Agency of Singapore (CSA).

The wider McAfee report goes beyond fake vaccination campaigns. Malware on phones have also increased via bill fraud through official app stores, and attacking financial institutions by evading app screening security processes. The full report is available on McAfee’s official website here.

This article was first published in Hardware Zone.

This website is best viewed using the latest versions of web browsers.