Fake Aarogya Setu Apps Steal User Data, Add To Privacy Fears

Fake Aarogya Setu Apps Steal User Data, Add To Privacy Fears

SUMMARY

The fake versions are able to make phone calls, record videos and calls

The spyware also download the original Aarogya Setu app to be less susceptible

Recently, the govt made Aarogya Setu app open source for experts to find vulnerabilities

As privacy concerns around Indian government’s Aarogya Setu app ease up with the app being made open source, cybersecurity researchers have found fake apps masquerading as the contact tracing app and siphoning off user data.

Cybersecurity firm SonicWall Labs Threats found that malicious fakes of the Aarogya Setu app which were spyware in disguise. These apps were capable of making phone calls to premium numbers, recording phone calls, sending SMSes, taking photographs and also recording videos.

“As the Aarogya Setu App gained popularity in India, it became a target for malware creators. With increasing cyber threats it appears that cybercriminals are working overtime to create dissonance among mass app users,” Debasish Mukherjee, VP of regional sales APAC at SonicWall, said.

The firm highlighted that even uninstalling the app through the regular methods only removes the app in the front, whereas the spyware would still be present on the device. The users can only remove the spyware by uninstalling the apps through settings.

The research team also observed that some of these malicious apps are piggybacking on the legitimate Aarogya Setu app in the resources folder, which is used to store values for details and permission of apps in the Android operating system. Such malicious apps also download the original version of the app in the background to fool the user into believing they’re using a legitimate app. However, the app continues to use its spyware in the background.

A previously discovered fake Aarogya Setu “add-on” app also sought device admin privileges and permissions to install other apps once downloaded. The app, too, installs the original Aarogya Setu app from the resource folder to deceive users.

The firm also highlighted that it is difficult to highlight malicious apps based on the icons. In most cases, the common element was the range of spyware capabilities, it added.

Meanwhile, the real Aarogya Setu app had failed the MIT Technology Review test of contact tracing app, getting one out of five stars due to some issues related to data collection and privacy. However, since then the app has been made open source with the government opening up the code for examination.

On May 26, the government made the Android version of the Aarogya Setu open source and plans to do the same with iOS and KaiOS versions. Now, the government is allowing developers and cybersecurity experts to find loopholes and vulnerabilities in the app.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Fake Aarogya Setu Apps Steal User Data, Add To Privacy Fears-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Fake Aarogya Setu Apps Steal User Data, Add To Privacy Fears-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Fake Aarogya Setu Apps Steal User Data, Add To Privacy Fears-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Fake Aarogya Setu Apps Steal User Data, Add To Privacy Fears-Inc42 Media
Fake Aarogya Setu Apps Steal User Data, Add To Privacy Fears-Inc42 Media
You’re in Good company