BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Google Download Warning Issued For Millions Of Android Users
New iOS 18 AI Security Move Changes The Game For All iPhone Users
Microsoft Warns Windows Users Of Ongoing Russian Hack Attack
Google’s $6 A Month Chrome Security Subscription Is A Thing Now
FCC Votes To Restore Net Neutrality: A Win For Consumers And Democracy
An Ex-DOD Hacker Raises $20 Million To Stop ChatGPT-Fueled Cyberattacks
Edit Story
ForbesInnovationCybersecurity
Editors' Pick

Coronavirus Scam Alert: COVID-19 Map Malware Can Spy On You Through Your Android Microphone And Camera

Thomas Brewster
Forbes Staff
Senior writer at Forbes covering cybercrime, privacy and surveillance.
Following
This article is more than 4 years old.

Watch out for any links texted to your Android phone promising an app to track coronavirus. Downloading the application will let snoops, suspected to be operating in Libya, watch you through your smartphone camera, listen to you through your microphone or pilfer all your text messages.

The find by researchers at cybersecurity company Lookout is the latest in an avalanche of digital threats piggybacking on the coronavirus pandemic. It’s unclear how this latest strain of malware is propagating (it’s not on Google Play, for instance), but it’s disguised itself as a version of the legitimate “corona live” application, which provides data from the Johns Hopkins coronavirus tracker of infection rates and deaths.

Read more: An Unprecedented Wave of Coronavirus Scams Is Coming, Warns US Prosecutor

Underneath the disguise, though, is a customized version of SpyMax, commercial spyware that can be acquired online by anyone with an internet connection for free. In this case, Lookout researcher Kristin Del Rosso has associated the malware with another 30 rogue Android applications that use the same command and control infrastructure of a larger surveillance campaign that’s been active since at least April 2019. Amongst those other 30 apps were fake tools claiming to be media players and, intriguingly, a tool that let a user search for the customer name of a Libyan mobile number.

Lookout researchers have no evidence the perpetrators of this Android malware are backed by a nation-state, but noted “the use of these commercial surveillanceware families has been observed in the past as part of the tooling used by nation-states in the Middle East.”

MORE FOR YOU

Samsung Is Giving Away A Free Galaxy S24 In A New Promotion

Google Makes A New Sale Offer To Pixel 8 Buyers

Mike Tyson On Becoming A Heavy Hitter In Weed

Del Rosso told Forbes that amongst all the current COVID-19-themed threats facing smartphones, “on the mobile front, this appears to be the most privacy-invasive malware I've seen yet.” It works on all Android phones from Gingerbread (2.3.3) up to current devices.

As for where to look out for this kind of threat, Del Rosso added: “Typically, malware like this is spread via links in SMS or from a watering hole website the actor sets up, where the application is available for download.”

Previously, ransomware copied the COVID-19-tracking app and demanded Android users pay up to unlock their phone.

Forbes has been keeping an eye on all the coronavirus-themed online threats out there, which you can find here.

Full coverage and live updates on the Coronavirus

Follow me on TwitterCheck out my websiteSend me a secure tip
Thomas Brewster
Thomas Brewster