• CERT Admin
  • Fri Mar 27 2020
  • Alerts

Threat Level 



Random SMS (Short Message Service) are sent to users with a notice for free distribution of masks against COVID-19 virus. SMS is equipped with a URL/Link.

Smishing: Phishing method using text messages


Once user has clicked the URL/Link in the SMS, browser will pop up a message " Please update the latest version of Chrome for improved service experience". Malicious application will be installed upon clicking the " OK" button. 

     1. Attacker sends the COVID-19 smishing.
    2. Victim clicks the URL/Link in the SMS.
    3. Malicious application disguised as chrome browser update and will be installed if the victim click " OK" button.
    4. Malicious application is launched and leaking personal information. 


     ✻  Leakage of personal information
     ✻  Hijack of information such as messages, phone numbers, model information, bank applications, public certificates, etc. 

Solution/ Workarounds 

    ✻  Refrain from clicking URL/Link received from unknown
    ✻  Personal information such as mobile number, ID, Usernames, Passwords, etc. should be entered only on trusted sites.
    ✻  Refrain from doing purchases from untrusted websites.
    ✻  Inform your acquaintances of the smishing incident, as the installedmalicious application most likely will send similar SMS to your contact list.




The information provided herein is on "as is" basis, without warranty of any kind. 

Last updated: Fri Mar 27 2020