Hackers target mobile users in Italy and Spain, taking advantage of coronavirus hot spots

It's a reminder of the cruel opportunism with which many cybercriminals approach the crisis.
coronavirus mobile malware
A policeman in front of Rome's Trevi Fountain. More than 7,500 people in Italy have died from the novel coronavirus. (Getty Images)

Coronavirus-themed scams show no signs of letting up as hackers have tried to breach mobile phone users in Italy and Spain, the two countries with the most deaths from the virus.

Attackers laced mobile apps with malware to try to steal data from, or otherwise compromise, Italian and Spanish residents looking for updates on the pandemic, according to Slovakian antivirus firm ESET. The phony apps posed as legitimate ones offering updates on the spread of the novel coronavirus and how to assess your risk of infection.

“Because of the current situation, many [hacking] campaigns are either migrating to a COVID-19 theme or new campaigns are created with a COVID-19 theme,” said Lukas Stefanko, an Android security specialist at ESET.

The apps were available for download for a couple days, Stefanko said. It is unclear how many people downloaded them.  The malicious app targeting Spanish users is no longer available; it is unclear whether the Italian app still is.


It is a reminder of the cruel opportunism with which many cybercriminals approach the crisis. When people turn to their phones for information on the deadly virus, hackers see an opening.

As of this writing, the novel coronavirus had killed 7,503 people in Italy and 4,089 in Spain, according to Johns Hopkins University data. Hospitals have been overwhelmed with patients, forcing health care workers to erect makeshift facilities.

The malicious Android app targeting Spanish users is a banking trojan — code designed to steal financial information — that emerged last year. It was available on a third-party malicious website and not the authorized Google Play store, ESET said.

SoftMining, the Italian company that created the legitimate app for COVID-19 tracking, has warned users that “some hackers are sending counterfeit versions of our app in which they have injected malicious code.”


Stefanko doesn’t know who is behind the attempts to hack these particular users. The two campaigns do not appear to be related, he said.

The malicious activity is part of a broader surge in COVID-19-related fraud and phishing in recent weeks. Some are using attention on the Johns Hopkins COVID-19 map to distribute malware. U.S. Attorney General William Barr has vowed that prosecutors will crack down in response.

It’s not just criminals who are exploiting the crisis. Surveillance-minded hackers from Libya to China are also tailoring their activity to COVID-19 fears.

In response to the increased cyber activity, many security professionals are volunteering their time to protect medical organizations from hacking.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts