Researchers from a cybersecurity firm found that hackers have created apps made to look like the Covid-19 contact-tracing apps of some governments, including the Indonesian government’s PeduliLindungi app.
By SATRIO PANGARSO WISANGGENI
JAKARTA, KOMPAS -- Researchers from a cybersecurity firm found that hackers have created apps made to look like the Covid-19 contact-tracing apps of some governments, including the Indonesian government’s PeduliLindungi app. Therefore, the public should not carelessly download apps from unclear sources.
PeduliLindungi and dozens of similar apps from a number of countries were created to assist in the process of Covid-19 contact-tracing, which is particularly important in the period leading to the new normal, when physical distancing is increasingly difficult.
The contact-tracing app uses the Bluetooth connection to detect cell phones in close range. People will get a notification if they have been close to someone confirmed to have contracted Covid-19. The authorities can then ask them to self-quarantine or get a medical check-up.
It seems that the crucial role of this contact-tracing app is being abused by cybercriminals to steal personal data.
Cybersecurity firm Anomali found 12 fake contact-tracing apps purportedly issued by 10 countries that contained malware to steal the personal and banking data of users. Anomali believes the Android apps were circulated through unofficial channels.
"These apps can be circulated through other applications, websites or other channels. At the time of the publication of this study, these fake apps were not available in the Google Play Store," wrote Tara Gould, Gage Mele, Parthiban Rajendram and Rory Gould from the Anomali Threat Research (ATR) Team on Wednesday (10/6/2020) through their official page.
One of the forged apps is the Indonesian government’s PeduliLindungi app. The ATR team found that the hackers had inserted a virus called Spynote in the fake PeduliLindungi app. Spynote is a trojan that collects data from infected devices and monitors user activity.
Spynote can access a wide range of information, from SMS messages and GPS locations to contact lists. It can also take pictures from the camera, check the browsing history, view the list of installed apps, send files, write messages and record calls.
The ATR team said that, if this fake application is downloaded, the official PeduliLindungi app would still run to fool the victims. However, the virus would also run in the background. The Spynote virus has also been used by hackers in an app resembling that of the government of India, Aarogya Setu.
Ministry of Communications and Information Director General of Informatics Applications Semuel Abrijani Pangerapan expressed his appreciation of researchers’ work and said the ministry would immediately issue a broad announcement to warn the public of the risk of downloading the PeduliLindungi app from sources outside of the Google Play Store or Apple App Store.
"If it's not the official [app], chances are that irresponsible persons will put malware or viruses in the application. So, we must be careful. Hackers can suck up all sensitive information, including financial transactions," Semuel said, Thursday (11/6).
Separately, Indonesia Cyber Security Forum founder and chairman Ardi Sutedja said these findings indicated that the Indonesian public had to be more vigilant and cautious about downloaded applications.
To reduce the risk of application forgery of this kind, people are asked to only download apps that are available in the official app stores and avoid APK files spread through instant messaging groups. "This is an individual decision, whether to install or not. Well, whatever is decided, it must be based on careful consideration and sufficient information," said Ardi.
Anubis
In addition to apps belonging to Indonesia and India, apps of eight other countries were also targeted, namely those issued in Armenia, Brazil, Colombia, Iran, Italy, Kyrgyzstan, Russia and Singapore.
Most of these fake applications carry a generic, unnamed trojan. However, in the cases of Brazil and Russia, the virus used by hackers to harvest data from the target device is the known Anubis trojan.
Anubis is a virus that specifically targets banking information on a victim's device. This malware is known to have been in circulation since 2017. Once installed on the victim's device, Anubis will fake banking applications and deceive victims into entering sensitive banking data. The data will then be sent to the hacker.