COVID-19 vaccination drive is currently in full force as we need to control the spread of the virus as early as possible. The situation is quite bad as COVID-19 patients are not able to find a hospital bed or even oxygen cylinders in many cities. Even with this situation, hackers and scammers are looking for new ways to trouble people.
According to a recent report, people have started receiving SMS messages that claim to offer information on COVID-19 vaccination. These SMS messages come with a link attached and if anyone clicks on it, they will open the door for the malware to enter in their smartphone instead of gaining information on COVID-19 vaccination.
The new malware is being called SMS Worm and it aims to copy the whole contact list from a person’s smartphone. SMS Worm was first reported by malware researcher Lukas Stefanko on Twitter. He claims that the malware is affecting Android devices in India. In order to bring proof for the topic, the researcher has added screenshots of how the malware spreads via a text message.
These SMS messages come with a link to download a fake vaccine registration app and once a user decides to install it, they will be prompted to give the app access to the contacts list, and permission to send and view text messages.
As reported by Australian risk intelligence firm Cyble, the malware performs different activities on the victim's device. It can enable unauthorized access to private accounts and services. The malware can also be used for unauthorized activities, exposing personal data, and unauthorized deletion of data from the mobile device or services.
Cyble mentioned in a blog post, "New variants of SMS-worms for Android do not appear very often, and this particular variant is an interesting piece of malware and part of a unique attack. Besides tricking unsuspecting users into installing a worm and other software that they may not want, the worm can also use up their billing plan by automatically sending messages without their knowledge."