Fake QR Check-In Apps: How Cybercriminals are Targeting Contact Tracing Protestors
From counterfeit vaccine shipments to forged vaccine certificates, it seems that criminals are using every means available to profit from the COVID-19 pandemic. Now, fake COVID-tracing apps are making the rounds across Australia, leveraging the efforts of ‘anti-vaxxers’ and lockdown protestors to dodge the check-in.
In the first quarter of 2021, state governments released QR Code check-in apps alongside a number of requirements for citizens to check in to public facilities, public transport, and businesses. As expected, these requirements were met with ample backlash from online protestors, and soon after, dark-web app developers took to creating a work-around for checking in.
How does it work? Simply put, by using a fake check-in app, the user can appear to check in without actually providing any data. The user scans a QR code as per normal, then arrives at a false page designed to look like a real government QR check-in page. The user shows this to the staff at the check-in location to “prove” that they’ve scanned the QR code and checked in, but no COVID-tracing or data exchange actually occurs.
This means that users can effectively avoid facing fines or being escorted from the location, without actually contributing contact-tracing information to government databases.
These apps are gaining alarming popularity in online anti-vaccination groups; however, they are not without their risks. Aside from their negative impact on contact-tracing data collection, use of these apps introduces a major threat to the end user, namely malware. The developers of fake contact-tracing apps are often apolitical, and in reality, their intention is simply to infect the end user’s device.
In Singapore, the UK and India, users are facing swaths of malware infections when trying to use contact-tracing apps. People looking for a fake contact-tracing app face an even higher risk, as these downloads often avoid regulation and security standards by being posted on the dark web.
Furthermore, there is the very real possibility of being caught in the act. Recently, the Australian Federal Police arrested a number of underworld figures from the Australian mafia and biker gangs by making available for download a fake ‘encrypted messaging app’, which was actually used to monitor the criminal activities of its users.
Considering the importance of accurate contact-tracing, it would not be in the least bit surprising if similar measures are being taken towards fake contact-tracing apps to monitor those attempting to avoid regulations.
I usually end my articles with a few tips on how to stay cyber-safe, but in the case of ‘fake check-in’ apps, it’s as simple as this: don’t use them. If not for the simple point of maintaining contact-tracing validity and helping your state to beat the curve again, then consider the risk of phishing scams, malicious content and malware-embedded downloads you inherit from use of these unsafe applications. It simply is not worth it.
For more cybersecurity news and tips on staying cyber-safe visit cyberware.com