CTI Investigation into COVID-19 Contact Tracing Apps

Author: Peter Ferguson

In cooperation with the ThreatFabric research team.

Executive Summary

With more countries providing COVID-19 contact tracing applications [1], threat actors will almost certainly continue to distribute malicious Android packages that pose as legitimate contact tracing applications and deliver banking trojans, spyware, and ransomware. As the current COVID-19 pandemic has caused public-health and economic issues for countries around the globe [2], nations have launched contact tracing applications to monitor, identify, alert and reduce the spread of infections. A joint analysis by ThreatFabric and EclecticIQ highlights that threat actors:

  • Disguised Android packages as legitimate contact tracing applications for financial gain.
  • Used repackaged commodity and open-source malware to lower the investment needed.
  • Used third-party port forwarding and secure tunnelling services to anonymize command and control (C2) infrastructure.
  • Delivered malicious Android packages through links pointing to phishing pages.
