- A fake app that claims to help with COVID-19 vaccine registration has been doing the rounds.
- The app is malware and it propagates itself via an SMS link sent to all the contacts of an affected device.
- Only the official Cowin website and Aarogya Setu app can be used for vaccine registrations in India.
Now that the Indian Government has opened up the registration for the COVID-19 vaccine for all citizens aged 18 and above, people are scrambling to get their jabs. However, the official Cowin portal doesn’t seem to be doing its job well, prompting users to look at alternatives. This has caused several users to fall prey to a fake COVID-19 vaccination app that claims to book a slot for you. In reality, the app is malware and should be avoided at all costs. Once it attacks a victim’s device, it spreads via SMS, sending a download link to all contacts on the affected device. This malware was bought to light by Malware researchers Lukas Stefano and MalwareHunterTeam.
As seen in the Tweets above, the alleged COVID019 vaccination app asks for a laundry list of permissions from a user. The worst part is, we don’t know what else the malware does other than propagate itself via SMS. It could potentially transmit sensitive information from your devices, such as your contact list and gallery images to unscrupulous third parties. SMS-based worms are nothing new and have been around for a long time. Some time ago, a fake app promising three months of free Netflix also used a similar method.
As always, we recommend that one exercise caution when clicking on mysterious links, even if they have been sent by someone you trust. Currently, there is only one method of registering yourself for a COVID-19 vaccine, which is via the Cowin website and the Aarogya Setu app. Everything else is a scam and you’re better off staying away from such websites/apps.