This Android Malware is stealing your Bank Account, Credit card numbers using COVID-19 Label


This Android Malware uses COVID label and stealing your Bank account numbers, credit card numbers, call log, contacts, messages, photos and much more

According to the current pandemic situation all over the globe, people are forced to work at home. Due to COVID-19, there are numerous cybercrime cases have taken place, that have targeted big companies to leak their data. Similarly, here is an Android Malware injected in an app with a label COVID. This Malware once exploited steals data like bank account numbers, credit card numbers, call logs, contacts, messages, photos, and much more.

How is this Malware is injected into your Android Smartphone?

Users often use multiple news apps to be updated things happening around them. But sometimes users do not get the app they want to download or the app is not available in their country. However, the users download that app from some of the websites which are not trusted or unofficial. What happens when users download these apps from unofficial or untrusted websites? These websites can have Malware injected into their apps from hackers which get exploited when users download them and install it on your Android Smartphone.

Read, more How to disable Full-Screen(Pop-up) Ads on any Android Smartphone

According to a report, The Package name of the app is DZ.Eagle.Master and the app name is labeled as COVID to fool people. The Package describes as the app provides the latest COVID news and cases around you.

The Malware is present in the package and has four different versions and is detected as Android.Trojan.InfoStealer.UQ 

When the user runs the application, nothing happens; it just opens and closes quickly, but in the background, there’s a lot of activity. First, the malware contacts the Command & Control (C&C) and sends the device’s info, including the network operator, phone model, manufacturer, SIM serial number, the Wi-Fi IP address, and the Internet IP address. The C&C sends back a settings.xml file, which it stores in its assets folder.

<?xml version=”1.0″ encoding=”utf-8″?><XML><HP Host=”flyrosebifr[.]webhop[.]me”>1954</HP><Fdir Pkd=”DZ.Eagle.Master”>Covid</Fdir></XML>

settings.xml file

The threat uses the old but still valid Jawa Barat certificate. The certificate was leaked years ago by its developer and is now used to sign repackaged samples with PUA, Adware, or malware components. Because the certificate wasn’t revoked, it’s still heavily used in apps and malware.

Affected by this Malware? Here is how you can remove it

You need to download an Anti-Virus software known as Malwarebytes which is free to download on Play Store. You can download Malwarebytes on your Android Smartphone from Google Play Store from here. You can also do it from any other Anti-Virus but we prefer you to do it by Malwarebytes as it is the best Anti-virus Software right now.

After downloading Malwarebytes on your Smartphone go for full scan and wait for the scan to complete. After the completion of the Scan Malwarebytes will give you a list of apps and files which contain this Malware. Delete those files and uninstall those apps which are been listed by Malwarebytes.

After deleting/uninstalling the file/app your Android Smartphone is free from that harmful Malware.

The Coronavirus situation has become friendly for hackers as there are a number of hacking attacks taking place. However, to stay protected change your pins, passwords regularly and apply for 2-factor authentication if available.


About Author

Be Ready for the challenge

Notify of
Inline Feedbacks
View all comments