It didn’t take long for criminals to take advantage of Prime Minister Justin Trudeau’s announcement that Canada has approved a COVID-19 tracing app to go into action.
Security vendor ESET said it discovered two fake websites, designed to look like official Government of Canada sites, that were quickly created after the June 18 announcement. The sites advertised a so-called official Android COVID-19 tracing app allegedly endorsed by Health Canada.
“The sites use convincing domains and are lacking the typical spelling mistakes that usually make it easy for a discerning eye to spot it as a risk,” ESET said in a news release late Tuesday.
And while the app may look convincing, it contains Android ransomware named CryCryptor that encrypts files on the victim’s smartphone. Victims are then told to email the attacker “to discuss recovery.”
ESET said that on Tuesday it notified the Canadian Centre for Cyber Security, the federal department that advises the public and private sectors on protecting critical infrastructure. In an interview this morning Alexis Dorais-Joncas, lead of ESET’s research and development team in Montreal, said the two sites — which were hosted in the Netherlands — were down by Tuesday afternoon. No other sites are distributing the fake app so far.
In a statement this afternoon, the Canadian Centre for Cyber Security confirmed that, working with “a commercial partner,” the two phony sites have been taken down.
“Throughout the global COVID-19 pandemic, the Cyber Centre has worked closely with industry partners and commercial and international cyber response teams to facilitate the removal of malicious websites, including those that have spoofed Canadian Government departments and agencies,” said the statement. “These efforts have resulted in the removal of a significant number of Canadian themed fraudulent sites that were designed specifically for malicious cyber activity, such as phishing and malware delivery.
“Canadians must exercise constant vigilance and awareness about fake and malicious web sites and applications related to COVID-19 that are attempting to steal money or personal information, including fake COVID-19 exposure notification applications.” That includes, the statement added, only downloading applications from trusted app stores.
For the latest security alerts and updates on how to stay cyber safe during the COVID-19 pandemic, follow the Cyber Centre on Twitter at https://twitter.com/cybercentre_ca and on its website: www.cyber.gc.ca
“Extra caution is urged for users of Android devices,” ESET’s Dorais-Joncas said, “as this scheme looks close to the real deal. Smartphone users should only download apps from reliable official sources such as Google Play or Apple stores.”
The real exposure notification app is scheduled to be released July 2nd in Ontario for beta testing.
It wasn’t long after governments around the world began distributing COVID-19 apps to help manual contact tracing that criminals started releasing malware-filled fake apps. In March, Domain Tools reported finding a site offering a real-time Android Coronavirus outbreak tracker that allegedly had statistical information about the spread of COVID-19. Instead, it carried a new strain of ransomware dubbed CovidLock, which forced a change in the password used to unlock the phone. It demanded $100 in bitcoin within 48 hours or data would be erased. However, phones with Android 7 and up are protected from this attack.
Fake COVID apps and fake websites are among the ways criminals have taken advantage of the pandemic. Governments and law enforcement agencies are trying to fight back. At the beginning of May, the Canadian Centre for Cyber Security said it had taken down over 1,500 COVID-19-themed fraudulent sites or email addresses aimed at Canadians since the start of the year.
Once governments began distributing COVID-19 support funds for individuals and businesses, criminals also followed with fake application websites.
Dorais-Joncas said the first hint of the fake Canadian websites and app came two days ago from a tip on Twitter. He wasn’t surprised at the move because hackers often take advantage of something in the news — in this case Trudeau’s announcement — to base an attack campaign on.
(This story has been updated from the original to include comments from ESET’s Dorais-Joncas and the statement from the Cyber Centre.)