image
A rash of COVID-19 Android mobile apps have emerged that are aimed at helping citizens in Iran, Italy and Colombia track symptoms and virus infections. However, they’re also putting people’s privacy and the security of their data at risk, researchers have found. Security researchers at the ZeroFOX Alpha Team have uncovered various privacy concerns and security vulnerabilities – including a backdoor in various apps. The apps are either created and endorsed by countries or invented as one-offs by threat actors to take advantage of the current pandemic, according to a blog post published Monday. Researchers analyzed dozens of COVID-19 apps – which continue to emerge with the spread of the coronavirus, paving the way for related security threats across the globe. In the analysis, they highlighted three that pose a particular threat to citizens, citing not only potential cybercriminal activity but also simple mistakes by app developers. In early March in Iran, one of the first places COVID-19 emerged as a serious health threat, the government released an official app, available on an Iranian app store known as CafeBazaar. The app was meant to track citizens, and it sparked privacy concerns because rather than provide vital health information, it appeared to have the sole purpose of harvesting user personal information, researchers wrote. If the app itself wasn’t worrisome enough, threat actors also created a copycat app, dubbed CoronaApp, available online for direct download by…

Source