New Delhi: The central cyber has alerted that a fake COVID-19 vaccine registration SMS that "maliciously" gains entry into users' Android phones, leading to compromise of the individual contact list is in circulation. The harmful SMS has been identified by five variants.
Sources said that a fake SMS message is in circulation that falsely claims to offer an app to let users register for the COVID-19 vaccine in India.
The Indian Computer Emergency Response Team (CERT-In) said in a public advisory issued on Saturday the SMS carries a link that installs the malicious app on Android-based devices, which essentially spreads itself via SMS to victims' contacts. The agency is the federal technology arm to combat cyber attacks and guarding the Indian cyberspace against phishing and hacking assaults and similar online attacks.
"The app also gains unnecessary permissions that attackers could leverage to acquire user data such as contact list," the agency added.
Some of its identified variants are:
The advisory said that the only "official" online link to register for the COVID-19 vaccination in the country is the portal - http://cowin.gov.in. It asked users to be alert against all attempts of phishing through fake domains, emails, and text messages that promise registration for a jab against the pandemic.
It also advised users to tune their phone setting in a manner that disables the installation of apps through "untrusted sources" and that sides should undertake safe browsing and use trusted anti-virus and internet firewall tools as part of measures to check such malicious attempts of data breach.
At present, India is administering two COVID-19 vaccines - Covishield and Covaxin, to its citizens and according to official data, the central government has provided nearly 18 crore vaccine doses to states and union territories so far.