It is the most talked about in online security services, platforms and companies: Confinement and the Covid-19 crisis have triggered cybercrimes of all kinds. And in case there were not enough scams and phishing scams to keep our data, we must add a new fraudulent campaign through SMS messages. A campaign that invites you to take an online self-assessment test to see if you have the Covid-19.

Crown-smishing

Detected by OSI, this campaign is based on an SMS message that says

“Take the Covid19 self-assessment test http://xxxxxxxxxxx.net”

This sms contains a link that redirects to a false website that simulates belonging to the Ministry of Health and the Carlos III Health Institute. From this, the user is urged to click on a link to perform a self-assessment on the symptoms of the coronavirus, which actually downloads malware.

The sender of the SMS is identified as COVID-19, and the link it contains is HTTP, so the web does not protect your communications, which “is suspicious, given that it claims to treat sensitive information such as this health data.”

The fake website that leads you to download malware

If we access this website, we will find the logo of the Ministry of Health and the Carlos III Health Institute, this can be confusing to the user and make him believe that the initiative is real. We can also see that the statistics it shows are from fairly current data, the quality of the graphics is good and some links redirect to legitimate websites of the Ministry of Health and the Carlos III Health Institute, but there are also poorly written texts, one of the best clues to know that we are dealing with something false and unofficial.

Malware by apk

This screen has a more striking central button, which invites to be pressed. What happens if we do it? Well a file Covid19.apk will be downloaded to our device, an installer for the Android system that contains the malware application, which will immediately infect the entire terminal if you run it.

In this case, for the infection to occur, you must open the link, access the fake website, download the .apk file and install it. But if you have opened the link even if you haven’t run the downloaded file, then nothing happens, your device will not have been infected. All you have to do is delete this apk that you will find in your file manager, inside the download folder. Also delete the message from your inbox and voila.