Apps enable hackers to take control of mobile device via remote shell to access SMS, Microphone, Camera and more.
Check Point identified malicious applications, masquerading as innocuous coronavirus apps, that are really designed to take control of your Android device. Once the malicious application is installed, a hacker takes intrusive control of your device via a remote shell, accessing a person’s calls, SMS, calendar, files, contacts, microphone and camera, in addition to write, add and send privileges. The malicious applications were not found on Google Play Store, but were discovered in new Coronavirus-related domains, which researchers believe were created specifically for the intention to deceive the masses by leveraging the fear circling coronavirus. Most frightening is the speed and ease of which these device takeover apps can be created, and who can create it.
Anyone in 15 Minutes
After the discovery, Check Point researchers began to trace the origins of the malicious applications. The applications were crafted via Metasploit, a free-penetration testing framework that makes hacking simple. Using Metasploit, anyone with basic computer knowledge can craft the same malicious applications in just 15 minutes. It’s as simple as: point Metasploit at your target, pick an exploit, choose a payload to drop, and hit Enter. In this case, the Metasploit crafted apps were targeting everyday people searching for Coronavirus related content.
It Hides
Check Point researchers were able to find three samples, created by Metasploit Framework, carrying the innocent name – ‘coronavirus.apk’. This app can be easily delivered and installed on large numbers of devices, and can execute device takover. Once executed on the Android device, the app starts a service that hides its icon in order to make it harder to get rid of it. It continues by connecting to a C&C server (Command and Control) stored in an array in the malware’s code.
