Beyond the Virus: A First Look at Coronavirus-themed Mobile Malware

by   Ren He, et al.

As the COVID-19 pandemic emerges in early 2020, a number of campaigns have started capitalizing the topic. Although a few media reports mentioned the existence of coronavirus-themed mobile malware, the research community lacks the understanding of the landscape of the coronavirus-themed mobile malware, and there is no publicly accessible dataset that could be utilized to boost the related research. In this paper, we present the first systematic study of coronavirus-themed mobile malware. We first make efforts to create a daily growing COVID-19 themed mobile app dataset, which contains 2,016 COVID-19 themed apps and 277 malware samples by the time of May 26, 2020. We then present an analysis of these apps from multiple perspectives including popularity and trends, installation methods, malicious behaviors and malicious campaigns. We observe that the growth of the number of COVID-19 themed apps is highly related to the number of confirmed cases of COVID-19 in the world. Most of them were released through distribution channels beyond app markets. A majority of the malicious apps (over 53 using the same app identifiers and some of them use confusing similar app icons with the official ones to mislead users. Their main purposes are either stealing users' private information or making profit by using the tricks like phishing and extortion. Furthermore, we find that only 40% of the COVID-19 malware creators are habitual developers who are active for a long time, while 60% of them are new emerging ones in this pandemic and only released COVID-19 themed malware. The malicious developers are mainly located in US, mostly targeting countries including English countries, Arabic countries, Europe and China. To facilitate future research, we have publicly released all the well-labelled COVID-19 themed apps (and malware) to the research community.


page 6

page 8

page 9


Don't Fish in Troubled Waters! Characterizing Coronavirus-themed Cryptocurrency Scams

As COVID-19 has been spreading across the world since early 2020, a grow...

A First Look at Android Applications in Google Play related to Covid-19

Due to the convenience of access-on-demand to information and business s...

Characterizing Cryptocurrency Exchange Scams

As the indispensable trading platforms of the ecosystem, hundreds of cry...

Sharing Heartbeats: Motivations of Citizen Scientists in Times of Crises

With the rise of COVID-19 cases globally, many countries released digita...

MeetDurian: A Gameful Mobile App to Prevent COVID-19 Infection

The COVID-19 problem has not gone away with the passing of the seasons. ...

A First Look at COVID-19 Domain Names: Origin and Implications

This work takes a first look at domain names related to COVID-19 (Cov19d...

Lifting The Grey Curtain: A First Look at the Ecosystem of CULPRITWARE

Mobile apps are extensively involved in cyber-crimes. Some apps are malw...

Please sign up or login with your details

Forgot password? Click here to reset