Cybersecurity company McAfee in its report on Monday, 28 June, said that India is among the top targets for fake apps and malware promising COVID-19 vaccinations.
“With most of the world still anxious about COVID and getting vaccinated, cybercriminals are targeting these fears with bogus apps, text messages, and social media invitations. Malware and malicious links hidden inside these fakes display ads and try to steal banking information and credentials,” wrote the report’s authors.
The report has said that following a year of lockdowns and a surge in time spent online and on devices, fraudsters are capitalising on the situation, with 2021 shaping up to be a year of 'malware misinformation and sneak attacks'.
Indians Prone to Vaccine Fraud
McAfee researchers found evidence of an SMS worm targeting Indian consumers, forming one of the earliest vaccine fraud campaigns.
Both SMS and WhatsApp messages encouraged users to download a vaccine app and once downloaded, the malware replicates and sends itself to everyone in the user's contact list via SMS or WhatsApp. The malware behind this is the same family that was involved in India's ban on the TikTok app in July last year.
“We’ve seen how the pandemic not only led to an increased dependence on mobile devices, but how it has prompted bad actors into developing new ways of tricking consumers and stealing their personal data. As well as these advanced forms of malware and deceit, we’ve seen that hackers are also returning to billing scams, but using new tricks"Raj Samani, McAfee Fellow and Chief Scientist
It should be noted that India also saw a rise in media reports of fake vaccine drives in states like Maharashtra and West Bengal.
At least 2,000 people in Mumbai alone were duped under the pretext of being provided with COVID jabs. Perpetrators usually fill syringes with saline solution and stick the vaccination label on top.
5 Tips to Be Safe
The Quint spoke to cyber security expert Sourajeet Majumder, who pointed out 5 tips which can keep you safe from a potential malware attack.
The only official link to register for COVID-19 vaccination in India is https://cowin.gov.in. Users must stay alert from clicking on any other link which promises registration for vaccination.
Cyber criminals often use phishing attack to steal user's data and thus they can send users a link which might be very similar to the official one. For example : 'kowin.xyz', 'covin.xyz' or 'co-vi-n.xyz' etc., users must be very careful and should check the website url before registering on it.
Users should not download any other app promising them a vaccine appointment and must stick to only CoWIN and Aarogya Setu.
Do not download CoWIN or Aarogya Setu App from any random source on the internet. In most cases, they contain malware in them which might even give the threat actor a complete access to the victim's mobile. Users must download it from either the Google Play Store or App Store.
If users are sent any message related to registration of COVID-19 jab, they must look for the sender of the message and must avoid clicking on any links if the message is not from the government. The Government of India will never send any message from a private number.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)