Coronavirus Update App Leads to Project Spy Android and iOS Spyware
by CIRT Team
Security researchers at Trend Micro discovered a potential cyberespionage campaign, which they have named Project Spy, that infects Android and iOS devices with spyware.
Trend Micro also reported a significantly small number of downloads of the app in Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada, and Russia.
The spyware apps can steal Facebook messages, WhatsApp messages, text messages, contact lists, call logs, photos, and location and device information from infected phones.
The app can steal messages from popular messaging apps by abusing notification permissions to read notification content and save it to a database. It also requests permission to access additional storage.
The “Corona Updates” app had relatively low downloads in Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada, and Russia. Perhaps the app’s false capabilities also fueled the low number of downloads. It also appears the apps may still be in development or incubation, maybe waiting for a “right time” to inject the malicious code.
Users are cautioned to research and check reviews before they download apps. Look at the app’s display and text, stated functions, reviews from other users, and requested permissions before downloading. Make sure that all other installed apps and the device operating system are updated to the latest version.
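As an added example (not from Trend Micro's report or the original article), the following Python script audits which apps hold notification-listener access on an Android device, the permission described above as the route to reading messaging-app notifications, and raises the priority of any that also request storage access. The sample data, package names and allowlist are constructed; on a real device the inputs would come from `adb shell settings get secure enabled_notification_listeners` and `adb shell dumpsys package <pkg>`.

```python
# Storage permissions an app can request on Android.
STORAGE_PERMS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}

# Constructed sample of the enabled_notification_listeners setting value
# (colon-separated component names; package names are made up).
SAMPLE_LISTENERS = (
    "com.example.wearable/com.example.wearable.NotifService:"
    "com.example.newsupdates/.NotifyListener"
)

# Constructed sample: requested permissions per package, as could be
# collected from `adb shell dumpsys package <pkg>`.
SAMPLE_PERMS = {
    "com.example.wearable": ["android.permission.BLUETOOTH"],
    "com.example.newsupdates": [
        "android.permission.INTERNET",
        "android.permission.READ_EXTERNAL_STORAGE",
    ],
}


def parse_listeners(raw):
    """Split the setting value into (package, fully qualified class) pairs."""
    pairs = []
    for entry in raw.strip().split(":"):
        pkg, sep, cls = entry.partition("/")
        if not sep or not pkg:  # empty value or the literal "null"
            continue
        pairs.append((pkg, pkg + cls if cls.startswith(".") else cls))
    return pairs


def audit(raw, perms_by_pkg, allowlist):
    """Report listeners outside the allowlist; storage access raises priority."""
    findings = []
    for pkg, cls in parse_listeners(raw):
        if pkg in allowlist:
            continue
        storage = sorted(STORAGE_PERMS & set(perms_by_pkg.get(pkg, ())))
        findings.append({"package": pkg, "listener": cls, "storage": storage,
                         "priority": "high" if storage else "review"})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LISTENERS, SAMPLE_PERMS, {"com.example.wearable"}):
        print(finding)
```

The allowlist should contain only the listeners the device owner knowingly enabled, such as a smartwatch companion app; anything else that appears in the output warrants a manual look.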