If you get an SMS saying ‘Register for vaccine using COVID-19 app’, don’t the jump gun and click the link. The chances of you encountering a malicious link are very high, cyber security experts caution.

Since getting a Covid-19 vaccine has become an almost impossible task, people are desperately trying to find a slot on the Cowin app. Seeing their anxiety, cyber criminals have begun to lure them with fake offers.

“A fake SMS is in circulation tricking unsuspecting users for vaccine registration. The SMS contains a malicious link filled with Android Worm, asking to register with the ‘Vaccine Registration’ app,” Vaibhav Billade, a researcher with cyber security solutions company Quick Heal, has said-

“Quick Heal has collected multiple variants of this malicious app, indicating a heightened activity. It would request permission to access the contacts and messages. The worm then uses the contacts listed in the infected Android device to spread to other devices via text messages,” he says.

Fake apps

As the vaccine supplies continue to be feeble, several States have either stopped walk-ins or restricted to those who have booked their slots on the Cowin app. The slots are too few for the kind of demand that the country is witnessing now.

In this particular cyber attack, the hackers are targeting those in the age group of 18-44 years, for whom finding a vaccine dose is still more difficult.

The link misleads the users to download an app for the vaccination registration for the 18+ age groups. “But in reality, it downloads a malicious APK when the unsuspecting user clicks on the download button,” he says.

The main goal of the app seems to be revenue generation by displaying ads and spreading itself through the victim’s contact list and through SMS.

Samir K Mody, Vice-President (Threat Research) and Head of Global Cyber Attack Research at K7 Labs, predicts that more such scams are likely to surface.

Online scams

“You may see online scams around oxygen concentrators, fake plasma sales and fake drugs like Remdesivir. It is basically playing on people’s fears around Covid,” he says.

“If people are looking for vaccines desperately, you can be confronted with offers that claim that they can automate the vaccine slots. Besides asking for money for doing something illegal, they can steal information from your device,” he says.

“While India fights the battle against the second of Covid-19, threat actors have innovated new ways to encash the situation. It is all the more important to practise caution and always verify the legitimacy of the source of information before consuming and believing in it blindly,” Sanjay Katkar, Co-Founder, Joint Managing Director and Chief Technology Officer of Quick Heal, has said.