The government of India recently initiated the liberalised and accelerated Phase 3 strategy of COVID-19 vaccination inoculation in India. Under the third phase, people between the age of 18 to 44 years can get vaccinated by registering themselves on the CoWIN platform and then setting up an inoculation appointment. Trying to take advantage of this scammers are now circulating a fake SMS message that falsely claims to offer an app to let users register for the COVID-19 vaccine in India.
The SMS instead of providing a legitimate way to register for the vaccination aims to download a malware on to the receivers smartphones. The malicious app was initially named COVID-19 and since then has been renamed to Vaccine Register. The attackers are having a lot of success convincing users as a large number of users have been facing issues while registering for the COVID-19 vaccine through the official CoWIN portal.
Lukas Stefanko, a malware researcher at the cybersecurity firm ESET recently tweeted a warning about the SMS asking users to not fall victim of the attack. He states that the SMS is targeted at Indian users designed to impersonate COVID-19 vaccine free registration during the ongoing wave.
Android SMS Worm was updated an hour ago.
It received a light mode and app name was changed pic.twitter.com/ZPUmIVdxrm
— Lukas Stefanko (@LukasStefanko) April 29, 2021
Stefanko has explained that the SMS carries a link that installs a worm app, which then spreads itself via SMS to victims’ contacts. Apart from spreading, the worm also gains unnecessary permissions, which would allow the attackers to leverage to acquire user data.
We recommend all our readers avoid any such SMSes, which contain links to download apps. It is recommended that users download trusted apps only using the official Google Play Store.
Take note, the government is currently accepting registrations for COVID-19 vaccines under phase 3 via the CoWIN portal, Aarogya Setu app and UMANG app.