Android COVID-19 threats

This presentation will provide an overview of various Android threats that were distributed in the first half of 2020 while abusing a COVID-19 theme. I will discuss distribution vectors of various malicious campaigns covering spyware, ransomware, an SMS worm, banking trojans, adware, malicious tracking apps, fake government apps, etc. These threats tried to exploit vulnerable users in this pandemic situation by impersonating coronavirus trackers, government apps, coronavirus symptom identifiers, financial loss compensation claims, fake Zoom apps, and others.

For the banking trojan, I have prepared a video demonstration from a campaign that was distributed in Italy and displays a victim device browsing a malicious website, downloading malware and exfiltrating the victim’s data. In addition, I will demonstrate newly discovered Android ransomware impersonating an official COVID-19 tracing app. When I analyzed this threat, I found a vulnerability that allowed for the creation of a decryption tool which will be also demonstrated.