It’s a part of an organized campaign where the name of the vaccine registration website is changed slightly and is then spread further. The malware asks for access to contact, SMS on the phone along with other details.
Malware researcher at cybersecurity firm ESET Lukas Stefanko observed that this campaign started in April 2021 and is still continuing in India.
SMS worm impersonates Covid-19 vaccine free registrationAndroid SMS worm tries to spread via text messages as fak… https://t.co/FrABIy2Pss
— Lukas Stefanko (@LukasStefanko)
“SMS worm impersonates Covid-19 vaccine free registration. Android SMS worm tries to spread via text messages as fake free registration for Covid-19 vaccine – targets India. It can spread itself via SMS to victim contacts with link to download this malware,” he tweeted.
The malware has several names like Covid-19 vaccine, Covid-19 vaccine registration, Vaccine Register, My-Vaci among others.
Recently, The Indian Computer Emergency Response Team (CERT-In) issued a fresh advisory to warn citizens about fake CoWin vaccine registration apps that are spreading through SMS.
CERT-In mentioned that fake messages are in circulation through SMS that falsely claims to offer an app to let users register for COVID-19 vaccine in India. While the exact wordings of the SMS may differ from time to time, the SMS suggest users to download an app or APK files on their Android phones by clicking on the link that is there on the SMS and install the app.
“The SMS message carries a link that installs the malicious app on Android based devices, which essentially spreads itself via SMS to victims’ contacts. The app also gains unnecessary permissions that attackers could leverage to acquire user data such as contact list,” CERT-In said in its advisory.