Wondering if that coronavirus app is legitimate? Submit it to apklab.io and find out.
Everyone’s got the coronavirus on their minds, including cybercriminals. And I’ve been in this industry long enough to know that, sadly, in the world of online scams, nothing is sacred. Even something as deadly serious as a pandemic will be exploited if someone can make money off of it. And with hundreds of apps dedicated to COVID-19 information having materialized over the last week, with more to come, it’s going to be increasingly difficult for the average user to tell good from bad, legitimate from malicious, truth from flat-out lies.
So today I have news: Avast is launching a new initiative on its mobile threat intelligence platform apklab.io to make it easier for researchers both to contribute and examine COVID-related app samples. So far, we’ve found over 450 coronavirus related apps. While we are analyzing them to discern the genuine from the fraudulent, we invite the research community to take part as well. We’ve customized our feeds to make the indicators of compromise (IoCs) accessible to the public so that other security researchers can join us in the investigations. Researchers can request an invitation here in order to explore our deep analysis of the apps. We may not be able to stop the spread of COVID-19; but, working together as a community, we can help stop the spread of bad apps preying on the crisis. We are also inviting other companies to follow the lead.
Even if you’re not a researcher with the ability to analyze code, I strongly recommend that you still protect yourself from the digital world’s mass influx of bad coronavirus apps by following these 3 tips:
The misinformation and disinformation being spread about COVID-19 ranges from fake outbreak maps to phony cures for the disease and more. Avoid all that confusion by listening only to the experts. As a society, we are practicing social distancing to prevent the escalation of the disease. As individuals, it’s a good idea to distance ourselves from the mass of false information about the virus to prevent the escalation of panic and detrimental actions. Stay safe, healthy, and calm.
Our Aposemat Team has been testing the capabilities of IPv6 and how malware could take advantage of it. One of the topics explored was exfiltration of data via the IPv6 protocol, which we discuss in this post.
Popular banking services, including PayPal, Revolut and Venmo, allow users to request money from others with a few easy steps. Although simple, this functionality could increase the likelihood of related spearphishing attacks.