Although the use of global events as a vehicle to drive digital crime is hardly surprising, the current outbreak of COVID-19 has revealed a multitude of vectors, including one in particular that is somewhat out of the ordinary. In a sea of offers for face masks, a recent posting on a dark web forum reveals the sale of blood from an individual claiming to have recovered from Coronavirus.
In March 2020 alone, McAfee Labs identified several malicious Android applications abusing keywords connected to the pandemic. The apps range from ransomware samples to spy agents that monitor the victim’s device. For example, static analysis of an app called “Corona Safety Mask” shows that the number of permissions it requests is suspicious:
- Full Internet access that allows the app to create network sockets
- Read contact data from the victim’s device
- Send SMS messages
When the user downloads the app, it can order a facemask from the following site: “coronasafetymask.tk.” The SMS send permission is abused to send the scam to the victim’s contact list.
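The static permission check described above can be sketched as follows. This is an added example, not McAfee's tooling or code from the original article. It assumes the APK's manifest has already been decoded to text XML (for instance with apktool); the manifest, its package name and the rule set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace that prefixes android:name attributes in a decoded manifest.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; the package name is a placeholder.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.maskapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Corona Safety Mask"/>
</manifest>
"""

# Illustrative rule set: permission combinations an analyst would flag.
RISKY_COMBOS = [
    ({"READ_CONTACTS", "SEND_SMS"},
     "can read the contact list and text it (SMS self-propagation)"),
    ({"READ_CONTACTS", "INTERNET"},
     "can read the contact list and upload it"),
]

def requested_permissions(manifest_xml):
    """Return the short names of all permissions the manifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name:
                perms.add(name.rsplit(".", 1)[-1])
    return perms

def triage(manifest_xml):
    """Return (permissions, findings) for one decoded manifest."""
    perms = requested_permissions(manifest_xml)
    findings = [why for combo, why in RISKY_COMBOS if combo <= perms]
    return perms, findings

if __name__ == "__main__":
    perms, findings = triage(SAMPLE_MANIFEST)
    print("requested:", ", ".join(sorted(perms)))
    for finding in findings:
        print("flag:", finding)
```

A flag from this check is a reason to look closer, not a verdict: many legitimate apps request the same permissions, so the result should be weighed against what the app claims to do.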