A FAKE COVID-19 vaccine registration SMS that “maliciously” gains entry into a users’ Android phone leading to compromise of individual contact list is in circulation, the federal cyber security agency has alerted. The harmful SMS has been identified by at least five variants. “It has been reported that a fake SMS message is in circulation that falsely claims to offer an app to let users register for COVID-19 vaccine in India.” “The SMS carries a link that installs the malicious app on Android-based devices, which essentially spreads itself via SMS to victims’ contacts,” the Indian Computer Emergency Response Team or CERT-In said in a public advisory issued on Saturday.

 

The agency is the federal technology arm to combat cyber attacks and guarding the Indian cyber space against phishing and hacking assaults and similar online attacks. It added that the “app also gains unnecessary permissions that attackers could leverage to acquire user data such as contact list.” Some of its identified variants are: Covid19.apk; Vaci__Regis.apk; MyVaccin_v2.apk; Cov-Regis.apk and Vccin-Apply.apk. The advisory said that the only “official” online link to register for coronavirus vaccination in the country is the portal-- http://cowin.gov.in. It asked users to be alert against all attempts of phishing through fake domains, emails and text messages that promise registration for a jab against the pandemic.