NEW DELHI: Cybercriminals are using stalkerware disguised as India’s Aarogya Setu app to spy on users, internet security firm Avast has found.
Apps capable of spying or stalking people grew by 20% in India during the lockdown as compared to the first two months of the year, a new report by Internet security firm, Avast, showed. India wasn’t the only country affected though, the company also found a 51% increase in the use of spyware and stalkeware globally between March and June.
Avast found that a number of covid-19 related apps were actually designed to spy on users. Three stalkerware apps in India were named after Aarogya Setu, which is the Indian government’s covid-19 contact tracing app. The company hasn’t mentioned which apps these are, or how users can avoid them. Mint has requested Avast for more details on the same.
“When downloaded, the official Aarogya Setu app gets installed along with the stalkerware app. The stalkerware apps use the original app to get approval from the user to allow the collection of sensitive information,” the company said in a press release.
Among other things, the apps use Android’s AccessibilityService feature to gain access to phone calls, contacts, the SIM card’s serial number, send or receive text messages and even records calls and audio through the phone. They can even hide their icons so that users don’t notice them and can mute the phone’s ringer when required.
“Stalkerware is a growing category of domestic malware with disturbing and dangerous implications. While spyware and infostealers seek to steal personal data, stalkerware is different: it steals the physical and online freedom of the victim,” said Jaya Baloo, CISO, .
Aarogya Setu is by far the most downloaded contact tracing app in the world. The app surpassed 10 million downloads in an extremely short time and the Indian government has marketed it as an important element of its efforts to get the pandemic under control.