CERT-In warns users about the fake apps masquerading as CoWin

The Indian Computer Emergency Response Team (CERT-In) has warned users about the fake apps masquerading as CoWin, which is the official platform for booking COVID vaccination slots or registering for the vaccine. The CERT has reported that the apps are being circulated through viral SMSes.

The CERT-in has alerted users about the fake CoWin apps that are sneaking into the phones of users and gaining illegal access to the sensitive information of users. The SMS that is doing the rounds claims to provide apps to users to get themselves registered for the COVID-19 vaccine. It has been reported that the language of the SMS changes from time to time but it carries one of the five APK links that the CERT-IN has warned users about.

CERT-in said in its advisory, “The SMS carries a link that installs the malicious app on Android-based devices, which essentially spreads itself via SMS to victims’ contacts. The app also gains unnecessary permissions that attackers could leverage to acquire user data such as contact list.”

The SMS convinces users to download any of the APK links on their smartphone. Notably, none of these APK links redirects user to Google Play Store or Apple App Store when one clicks on it. The APK instantly gets downloaded on the smartphone when one taps on it. No authorized app can get downloaded on phone instantly, the phone would first ask for user permission but nothing like that happens when one clicks on one of these APKs. Such files are being sent with the intention to steal passwords and other sensitive information of users. CERT-In urged has urged users to “beware about phishing and fake domains, emails, text messages and phone calls which falsely claim covid vaccine registrations.”