Security firm finds stalkerware disguised as Aarogya Setu app1 min read . Updated: 20 Jul 2020, 04:01 PM IST
- Apps capable of spying or stalking people grew by 20% in India during the lockdown as compared to the first two months of the year
NEW DELHI: Cybercriminals are using stalkerware disguised as India’s Aarogya Setu app to spy on users, internet security firm Avast has found.
Apps capable of spying or stalking people grew by 20% in India during the lockdown as compared to the first two months of the year, a new report by Internet security firm, Avast, showed. India wasn’t the only country affected though, the company also found a 51% increase in the use of spyware and stalkeware globally between March and June.
Avast found that a number of covid-19 related apps were actually designed to spy on users. Three stalkerware apps in India were named after Aarogya Setu, which is the Indian government’s covid-19 contact tracing app. The company hasn’t mentioned which apps these are, or how users can avoid them.
The stalkerware apps often have names like Aarogya Setu Add On or Aarogya Setu Installer, and the company said these are likely being downloaded from the Internet or third party app stores. None of these apps are available on Google Play directly, meaning if you downloaded Aarogya Setu from the Play Store, you got the right version.
“When downloaded, the official Aarogya Setu app gets installed along with the stalkerware app. The stalkerware apps use the original app to get approval from the user to allow the collection of sensitive information," the company said in a press release.
Among other things, the apps use Android’s AccessibilityService feature to gain access to phone calls, contacts, the SIM card’s serial number, send or receive text messages and even records calls and audio through the phone. They can even hide their icons so that users don’t notice them and can mute the phone’s ringer when required.
“Stalkerware is a growing category of domestic malware with disturbing and dangerous implications. While spyware and infostealers seek to steal personal data, stalkerware is different: it steals the physical and online freedom of the victim," said Jaya Baloo, CISO, .
Aarogya Setu is by far the most downloaded contact tracing app in the world. The app surpassed 10 million downloads in an extremely short time and the Indian government has marketed it as an important element of its efforts to get the pandemic under control.