Recently, these counterfeit apps emerged on the internet, which alarmed the local authorities to warn the general public. A cybersecurity authority named “SingCert,” which stands for the Singapore Computer Emergency Response Team, issued an advisory saying that cybercriminals have been copying contact tracing apps to spread malware as Singapore is currently on its way to move out from the lockdown phase.
Hackers use these counterfeit apps and embed them with malware. Later, if successful, they can steal personal user data and monitor their device activity log, says the cybersecurity firm SingCert.
These fake apps use the same brand logo of the original contact tracing app TraceTogether, to prevent getting caught from the users or cyber authorities. However, the malware embedded in these apps is capable of stealing banking credentials and user data.
As far as hacking incidents go, SingCert hasn’t received any official user complaints of downloading any fake application.
TraceTogether, a contact tracing app, detects people who may have come across in contact with any Covid-19 infected person. The app uses Bluetooth technology to trace these people and is very efficient in cases where the infected patient forgets the people he might have met, when or before he was diagnosed with the virus.
Anomali, a US-based cybersecurity firm, had recently on its blog post said that they had found at least 12 fake contact tracing applications that were used by hackers to spread malware and steal user information.
Few of these apps behaved exactly like TraceTogether. Once the user downloads these apps, the apps self-install and download malware that is aimed to steal banking credentials. According to Anomali, these fake apps are not on official app distribution platforms like Google Playstore or iPhone’s App store but rather are downloaded via 3rd party websites.
Meanwhile, SingCert has requested the users to install apps only from verified sources and cross-check their originality. It has also warned users to beware of applications that ask too many user access permissions. The users should read user reviews to make sure they have downloaded the right apps, and if the reviews are too poor, they should reconsider using that application. For users who have downloaded apps from 3rd party sources and websites, they should uninstall and run an anti-virus scan.