On March 26, Symantec discovered 11 Android applications that were all made to appear like they were legitimate apps related to tracking cases in the Covid-19 pandemic, but which were in fact secretly downloading a malicious payload after installation.
The coronavirus pandemic is the main news story all over the world right now, with hundreds of thousands of cases and thousands of deaths.
These applications were created after March 20, a time when Covid-19 was spreading widely, particularly in Europe. From the apps’ user interface (UI) (see Figure 1) we can see these apps were targeting Italy, which has the most confirmed cases of Covid-19 in Europe, though it is now closely followed by Spain. However, even though it is clear the malicious apps were targeting Italy, we did also see them installed on devices in the U.S. and France as well.