An Android app that goes by the name ‘Coronavirus’ has been spotted that requests victims to re-enter the pin or pattern on the device and uses it to steal information.

The app repeatedly seeks accessibility service capabilities, according to cyber security solution provider SonicWall’s Capture Labs Threats Research Team. With additional capabilities based on traces present in the code, the attacker can control the device remotely making this malware a Remote Access Trojan (RAT). The malware persistently tries to invade and embed itself in the device through multiple means, it said in a statement.

The security experts advise the phone users to be on guard while downloading apps, clicking links and giving out information.

Android’s battery optimisation feature puts an app in a suspended state to conserve battery, but since this malware is a RAT, it works best when it is constantly listening for incoming commands from the attacker.

Upon installation, the malware asks the user to ignore battery optimisation for the app, thereby preventing it from going into a low power/sleep state. Later, when the SonicWall team tried revoking this permission from the app, it pulled a basic trick, pressing the back button just before the permission could be revoked. The same trick is used when the user tries to uninstall the app.

Debasish Mukherjee, Vice-President, Regional Sales, APAC, SonicWall, said: “This is a classic case of the attackers being opportunists. They ride on the fear of the larger public and develop codes to steal sensitive information and control mobile devices remotely. It is advised that people use discretion before falling prey to such attacks.”

Related Topics
comment COMMENT NOW