As governments around the world release Covid-19 contact tracking apps to their citizens to slow the spread of infection, cybercriminals are creating fake versions of these apps.

Security researchers at Anomali Threat Research (ATR) warned yesterday (June 10) that cybercriminals are "distributing fake Android apps themed after the official government Covid-19 contact tracking app."

The researchers found 12 malicious apps pretending to be legitimate contact tracking services. In fact, these apps are planted with malware such as Anubis and SpyNote.

Anubis is a banking Trojan that seeks access to online bank accounts, while SpyNote monitors user data once a device is infected.

"Once installed on a device, these apps are designed to download and install malware, monitor infected devices, and steal banking credentials and personal data," the ATR researchers warn.

"ATR believes that the fake apps are likely distributed through other apps, third-party stores, and websites," they added. At the time this research was published, no fake apps were confirmed to exist in the Google Play store."

According to ATR, the app targets citizens of several countries, including Armenia, India, Brazil, Colombia, Indonesia, Iran, Italy, Kyrgyzstan, Russia, and Singapore.

The report warns that cybercriminals are increasingly taking advantage of the pandemic: "Threat actors continue to mimic official apps to take advantage of the brand recognition and perceived trust of apps released by government agencies. [The global impact of the Covid-19 pandemic has made the virus a highly recognizable and potentially fear-inducing name. The survey provided a glimpse into some of the applications actively distributed by threat actors.

To avoid becoming a victim of such scams, always obtain Android apps only from the official Google Play Store and install one of the best Android antivirus apps.