The government has alerted law enforcement agencies (state police forces, CISF, etc.) and security forces (Indian Army, paramilitary forces, CRPF, ITBP, etc.) to a cyber attack on India by Pakistan-based hackers. The hackers are likely to send messages or emails to Indians claiming that the enclosed link downloads the Aarogya Setu app; clicking on the link will instead download a malicious application called ChatMe.
If an unsuspecting user happens to click on the link, all of his/her personal data stored on the smartphone, as well as on linked devices, is transferred to Pakistan, the confidential advisory from the Ministry of Home Affairs (MHA) says.
The message is titled “Aarogya Setu apk”. A recipient may not find this suspicious even though “apk” appears in place of “app”, and may take it to mean “application”.
Clicking on the link leads to the download of the ChatMe app. The MHA document above shows how the screen of the device will then look.
The best way to avoid being snooped on is simply to avoid the link and delete the message or (spam) email. A user cannot afford to feel safe just because the device says that the app is only requesting access to storage. That is all it asks for, but, without asking the user, it steals all the data from the phone as well as from devices connected to the phone.
Earlier, the Commissionerate of Police, Bhubaneswar-Cuttack, had on 6 May issued this alert against a cyber attack from Pakistan. “Please do not click on the link to download Aarogya Setu App,” the police cautioned on its Twitter handle.
“These links are malicious and leading to download of an App called ChatMe on the screen, which is being used by Pakistan-based groups to take away data,” the Commissionerate of Police had said.
On this very day, the Central Bureau of Investigation (CBI) has issued an alert about a banking ‘Trojan’ known as Cerberus, based on inputs received from INTERPOL. This malicious software takes advantage of the worldwide COVID-19 pandemic, sending SMS messages that pose as coronavirus-related content to lure recipients into downloading from an embedded malicious link. The programme then deploys its malicious mobile application, which usually spreads via phishing campaigns that trick users into installing it on their smartphones.
This Trojan primarily focuses on stealing financial data such as credit card numbers. In addition, it can use overlay attacks to trick victims into providing personal information and can capture two-factor authentication details.
Cerberus is a multi-headed dog that guards the gates of the underworld in Greek mythology.
The malicious software was made in 2017 but discovered only last year by the cyber group ThreatFabric.
“What makes Cerberus dangerous is a mix of three things: it’s a completely new code, privately used for 2 years without detection, publicly advertised as malware for hire,” says the Keychest blog.
The hackers who made Cerberus are so brazen that they even run a Twitter handle, which they use to make fun of other IT whizkids, especially AV professionals.
Cerberus is known to attack only Android phones, whereas ChatMe can affect an iPhone too.
In either case, ChatMe or Cerberus, if one downloads the software by mistake, the smartphone must be factory reset. Thereafter, the passwords of all accounts held on the device must be changed. The operating system and the security applications must be updated too.