Covid19 Vaccine SMS Can Hack Your Phone, Steal Data: Beware Of This Malware!
A cybersecurity researcher has found malware circulated via text messages that invite the targeted user to download an app to register themselves for vaccination.
Taking advantage of difficulties many are experiencing while using the CoWIN portal and the expansion of the inoculation drive to adults from 18-44 years of age, online scammers have jumped on the opportunity to exploit several people.
What It Looks Like
In a series of tweets containing screenshots, Lukas Stefanko, who works as a malware researcher at the cybersecurity firm ESET, revealed the SMS alerts, which read:
REGISTER FOR COVID-VACCINE from age 18+
Register for vaccine using COVID-19 app.
Download from below.
The app was earlier called the COVID-19 app but has been renamed to “Vaccine Register”.
How It Works
Once the recipient opens the link, they can download the app, which then asks for 4 permissions: one to access the phone’s contacts, along with 3 others.
Through these permissions, the hackers gain illegal access to users’ private data, and the malware spreads as a worm through their contacts.
The same SMS then gets sent to the users’ contacts who may fall for the scam and unknowingly propagate the same through their own contacts, in a vicious cycle.
What You Should Do And Avoid
It is recommended to ignore such SMS alerts from unknown sources, especially those containing download links.
In order to download apps one should do their best to source them from the official Google Play or Apple app stores.
Be diligent about your activity online and always double and cross check the veracity of any unverified website/app/portal.
The Official Online Registration Portals
Official portals for vaccine registration are the CoWIN portal, Aarogya Setu app and UMANG app only.
It should be noted there are legitimate third-party apps which only provide notifications if any slots open up.
However, there is no third-party application or portal that allows you to book a vaccination slot or date. That can only be done through the official government portals.