As countries around the world have begun providing Covid-19 contact tracing apps to their citizens, cybercriminals have taken advantage of this to distribute Android malware, according to a new report from EclecticIQ and ThreatFabric. Researchers from both companies and others have identified malicious Android apps disguised as official contact tracing apps for Colombia, India, Singapore, and Indonesia. Surprisingly, the Indian sampler was released just 13 days after the official Indian contact search app was made available on the Google Play Store. After analyzing the samples, EclecticIQ and ThreatFabric discovered that they were using SpyMax, SpyNote, and Aymth basic and open source malware. The attackers also repackaged applications with Metasploit to give them remote access capabilities for Trojans. To distribute their malicious contact tracing apps, cybercriminals have relied on phishing links designed to trick users into installing their apps. Based on the findings of the EclecticIQ report and ThreatFabric, it is almost certain that threat actors will continue to use open source-based malware disguised as legitimate contact tracing applications for financial purposes. The low barrier to entry provided by these tools, combined with the continued deployment of contact tracing applications by countries around the world, presents continued financial opportunity for cybercriminals in the near future. Peter Ferguson, cyber threat intelligence specialist at ElecticIQ's Fusion Center, explained in a press release that users should only download Covid-19 contact tracing apps from official app stores, saying: "Users You should never download Android contact finder apps from the links sent to you or from third party stores.If you want to download your country contact finder app, you should use the official site or Google Play Store." Throughout the pandemic, cybercriminals have repeatedly tried to take advantage of the disruption it has caused around the world by using Covid-19 as a lure to trick users into installing malware on their devices. It is likely that they will continue to launch similar campaigns due to their success thus far. This means that both businesses and consumers need to remain vigilant about threats and scams related to Covid-19.