![Coronavirus Themed Android APP on The Prowl to Infect Mobile Devices Coronavirus Themed Android APP on The Prowl to Infect Mobile Devices](https://varindia.com/storage/news/uploads/2018/02/5e6206647529e.jpg)
SonicWall Capture Labs Threats Research team recently observed malware writers misusing the recent Coronavirus scare to propagate their malicious creations. An Android app that goes by the name Coronavirus has been spotted that requests the victim to re-enter the pin/pattern on the device and steals information, while repeatedly requesting for Accessibility Service capabilities.
With additional capabilities based on traces present in the code, the attacker can control the device remotely making this malware a RAT (Remote Access Trojan). This malware persistently tries to invade/ embed itself in the device through multiple means. Android’s battery optimization feature puts an app in a suspended state to conserve battery, but since this malware is a RAT it works best when it is constantly listening for incoming commands from the attacker. Upon installation this malware asks the user to ignore battery optimization for this app thereby preventing this app from going in a low power/sleep state. Later, when the SonicWall team tried revoking this permission from the app, it pulled a basic trick where it presses the back button just before the permission could be revoked. The same trick is used, once the user tries un-installing the app.
In his observations, Debasish Mukherjee as VP, Regional Sales – APAC, SonicWall said, “This is a classic case of the attackers being opportunists. They ride on the fear of the larger public and develop codes to steal sensitive information and control mobile devices remotely. It is advised that people use discretion before falling prey to such attacks.”
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.