In the wake of the wide-scale COVID-19 vaccination that is in active progression across India, a new development in the form of fake CoWIN vaccination apps are threatening the process of genuine vaccination and slot booking, as was reported by CERT-In.
Malicious fake CoWIN vaccination apps spreading in numbers:
CERT-In has newly issued an alerting advisory, warning users against fake CoWIN vaccine registration apps that are plaguing the markets.
Cert-In notes that the fake apps of this sort are gaining increasing traction via viral SMS and there are at least five of them that are currently active.
Usually, the SMS advises receivers to download and install any of the five apps on their smartphone. The apps are downloaded as APK files so that scammers can easily inject malware into their smartphones.
Once installed the malicious applications may further raise severe security threats as a result of being able to obtain unnecessary permissions which the threat actors could abuse to access user data and information.
Spotting and evading fake apps:
Some of the APK files installing the fake CoWIN vaccination apps that are being circulated are Covid-19.apk, vaci_regis.apk, myvaccine_v2.apk, cov-regis.apk, vccin-apply.apk.
For users, it is important to note that links forwarded in the text messages instantly start downloading the malicious APKs.
In a general scenario, secure and trusted application links direct users to the Google Play Store, Apple App store other formal app stores of the device OS.
As part of measures to check such malicious attempts of a data breach, it advised users to tune their phone setting in a manner that disables installation of apps through “untrusted sources” and that sides should undertake safe browsing and use trusted antivirus and internet firewall tools.
As for now, users can be sure that the only official portal for booking vaccination slots is the CoWIN portal or the Arogya Setu app. Both of these portals direct users to the website cowin.gov.in where one can book the vaccination slots.