Threat Database Trojans 'Get Corona Safety Mask' Scam

'Get Corona Safety Mask' Scam

By GoldSparrow in Trojans

The 'Get Corona Safety Mask' scam is yet another con based on the Coronavirus pandemic that has engulfed the globe. Cybercriminals are shameless individuals who would not bat an eye to use people's fear and anxiety to make a buck. This is why numerous cyber crooks from all around the world are using the COVID-19 pandemic to trick unsuspecting users.

According to reports, there are two iterations of the 'Get Corona Safety Mask' con. The first of the reported variants of this tactic urge users to download and install an application for their Android devices that is meant to redirect them to an online store, which sells masks. The application in question is presented as an advertisement on a website called '' However, if the targeted user falls for this scheme and installs the shady application, they will find that this is a ransomware threat quickly. This Android-based ransomware threat will lock the users' files and ask them to pay a fee if they want to recover their data.

Another domain affiliated with the 'Get Corona Safety Mask' scam is '' The operators of this site urge users to install an application called 'Corona Safety Mask,' which is meant to direct them to a reputable seller, who is offering masks that will protect them from the ongoing COVID-19 pandemic. However, the purpose of the 'Corona Safety Mask' application is not to offer the user masks, but to hijack their Android device. As soon as the user installs the fake application, this utility will ask for permission to manage the user's text messages, as well as to access their contacts list. If the users provide the dodgy application with the permissions demanded, this application will try to text all their contacts a link alongside a fake message – 'Get safety from corona virus by using Face mask, click on this link download the app and order your own face mask - hxxp://' This propagation technique may allow this dodgy application to compromise the devices of thousands upon thousands of users. After cybersecurity researchers investigated this dubious application, they found that this application is likely still in progress, as it does not appear to be finished yet. Users who launch it will view a prompt that contains a link to a website called '' However, this domain name has been bought very recently, and there are no sellers offering masks on the site. Once the conmen behind the 'Get Corona Safety Mask' scam finish the Web page in question, it is likely that this shady site will demand users fill in their payment information, which may lead to significant financial losses for the targeted individuals.

Researchers from ThreatLabZ found one such threat recently. The virus comes from, and it serves up a nasty dose of Android ransomware. The app disguises itself as a legitimate app that alerts people when they come into contact with someone with coronavirus. Researchers also found another domain - hxxp:// – that asks users to download and install an APK to get their own "Corona safety mask."

coronavirus safety mask scam
Example of Bogus Coronavirus Safety Mask Web page

What Does the “Get Corona Safety Mask” Virus Do?

Like any other app, the APK asks for permission to access certain areas and functions of the phone. This APK asks for permission to access contacts and send SMS messages. Such a request should be a huge red flag to any user that they need to delete the app before it does anything quickly.

Should the user access the app, the app tells them to click a button. The button contains a link to a website that sells masks. This action would suggest that the app steals any credit card information the user puts in to buy the mask, but analysis showed that it doesn’t do this. Researchers believe the app is in the early stage of development, so perhaps such a feature could be added later.

For now, the app opens the following website;

Example of URL accessed by the app

Perhaps what is happening behind the scenes is more important than what the user can see. The app will check if it has sent an SMS or not. If it hasn’t already sent an SMS, it pulls up all of the contacts on the phone as shown below;

Example of App Initial Checks

After collecting information on the contacts on the phone, the app sends every contact an SMS. The message contains a link to download the app and is how the virus spreads. Researchers installed the app into a controlled environment and let it work, and received the following SMS from the virus;

Example of Coronavirus Safety Mask Scam SMS Message

The message reads:

Get safety from corona virus by using Face mask, click on this link download the app and order your own face mask - hxxp://

If you want to protect yourself against the Coronavirus and buy a mask, we can assure you that you should avoid dodgy applications like the 'Corona Safety Mask' application and similar tactics that are plaguing the Web at the moment.


Most Viewed