Most malicious apps are camouflaged as benign apps using the same app identifiers (e.g., app name, package name and app icon). We observe that the COVID-19 themed apps as well as malicious ones began to flourish almost as soon as the pandemic broke out worldwide. We then present an analysis of them from multiple perspectives including trends and statistics, installation methods, malicious behaviors and malicious actors behind them. We first make efforts to create a daily growing COVID-19 themed mobile app dataset, which contains 4,322 COVID-19 themed apk samples (2,500 unique apps) and 611 potential malware samples (370 unique malicious apps) by the time of mid-November, 2020. In this paper, we present the first systematic study of coronavirus-themed Android malware.
Although a few media reports mentioned the existence of coronavirus-themed mobile malware, the research community lacks the understanding of the landscape of the coronavirus-themed mobile malware. As the COVID-19 pandemic emerged in early 2020, a number of malicious actors have started capitalizing the topic.
