Fake Covid-19 tracking app delivers ransomware, misinformation abounds

ByLance T. Lee

Mar 16, 2020

As Covid-19 spreads across the globe and countries do their best to slow the rate of infection, the attack by cybercriminals on concerned users is escalating day by day. The latest scheme includes a malicious Android tracking app that allows users to keep an eye on the spread of the virus, but locks the victims’ phone and asks for money to unlock it.

Moreover, as many have already discovered, the spread of potentially very dangerous disinformation is reaching massive proportions.

Ransomware disguised as a bogus Covid-19 tracking app

DomainTools security research team warns against discovery of malicious domain (coronavirus application[.]to place) distributing a fake coronavirus outbreak tracking app (Covid 19 tracker), which will allegedly provide users with tracking and statistical information on Covid-19 and heat map visuals.

Once downloaded and executed, the app locks the device screen and displays a ransom note claiming that the phone has been encrypted and all content (contacts, photos, videos, etc.) will be erased if the victim is victimized. does not pay $ 100 in Bitcoin within the next 48 hours.

“Since the deployment of Android Nougat, protection is in place against this type of attack. However, this only works if you have set a password. If you haven’t set a password on your phone to unlock the screen, you’re still vulnerable to CovidLock ransomware, ”the researchers noted.

But there is good news for those who have fallen into the trap: the researchers have reverse engineered the decryption key and will make it public (check out the update at the end of this article).

This is not the first time that cybercriminals have taken advantage of the public demand for information on Covid-19 in the useful form of a global map: case on a global map:

fake Covid-19 tracker

Fight disinformation

Many cybersecurity companies have detected a dramatic increase in registered coronavirus-related domains around the world, some of which are intended to be used for phishing, malware dissemination, snake oil trafficking and disinformation.

The latter has become a problem, as fake news spreads quickly on social media.

Users are encouraged to check the source of every piece of information they receive and to obtain their information directly from official sources such as the World Health Organization, which moreover actively fights against the “infodemic” of fake news on. the theme of coronaviruses online.

For those who really want to see the spread of Covid-19 in map form, Microsoft has created a web portal to track infections around the world, based on official sources.

UPDATE (March 16, 2020, 8:35 am PT):

DomainTools has published an in-depth analysis of the fake Covid 19 tracker the application (i.e. the CovidLock malware), along with the decryption key that victims can use to unlock their device / decrypt its content: 4865083501.

“The author of CovidLock has not bothered to implement any type of key obfuscation in the source code of the application. While it’s easy to explain how this isn’t sophisticated from a malware development perspective, it’s important to note that CovidLock is still effective for its lock screen attack, ”they noted. .

Source link