Malicious COVID-19 Tracker App Locks Phones, Demands $100 in Bitcoin

The impact of the coronavirus pandemic is being felt in almost every country in the world. While some people get sick, others are self-isolating to reduce the risk of infection, and millions of people around the world have to work from home and change their travel plans.

And, as is so often the case, there are malicious groups ready to take advantage of the chaos and confusion caused by the spread of the virus. Realizing that people are scared and looking for information, cybercriminals lure victims with the promise of a coronavirus app for Android – but in reality, it is ransomware.

Apple and Google have both been proactive in eliminating coronavirus-related apps and games to keep bogus tools out of their respective stores. Apple has placed strict limits on COVID-19 apps so that only tools from official sources are allowed, but that hasn’t stopped criminals from finding other ways to profit from the coronavirus crisis.

DomainTools security researchers have not only noticed a recent increase in the number of domains linked to the coronavirus, but have spotted one in particular that claims to offer real-time tracking of COVID-19 cases through an Android app available for download outside of Google Play. The truth is that the app is ransomware, which has been named CovidLock.

False coronavirus monitoring

The ransomware takes advantage of the fact that millions of people are hungry for information and advice on the spread of the coronavirus. Once installed, the app requests various permissions that it claims are required in order to send notifications. But in reality, the requests to activate accessibility settings and activate the lock screen are just a ploy to force a victim to change their phone’s lock screen password.

Once the password has been changed, the app reveals what it really is: ransomware. It demands a Bitcoin payment of $100 (around £80, AU$160) to decrypt the data, with the threat that everything will be deleted if the payment is not made within 48 hours.
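As an added illustration (not code from DomainTools or from this article), the following triage check flags a sideloaded app whose decoded manifest declares both a device-administrator receiver and an accessibility service, the two kinds of privilege the app asks the user to enable. Mapping the article's "lock screen" request to Android's device-admin binding is an assumption, and the manifest, package and component names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample: decoded manifest of a hypothetical sideloaded "tracker" app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tracker">
  <application android:label="Tracker">
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def privileged_components(manifest_xml):
    """Map each of the two binding permissions to the components guarded by it."""
    root = ET.fromstring(manifest_xml)
    found = {DEVICE_ADMIN: [], ACCESSIBILITY: []}
    for tag in ("receiver", "service"):
        for comp in root.iter(tag):
            perm = comp.get(ANDROID_NS + "permission")
            if perm in found:
                found[perm].append(comp.get(ANDROID_NS + "name"))
    return found

def triage(manifest_xml):
    """'high' when both privileges are declared, 'review' for one, else 'none'."""
    found = privileged_components(manifest_xml)
    admin, a11y = found[DEVICE_ADMIN], found[ACCESSIBILITY]
    if admin and a11y:
        return "high"
    return "review" if (admin or a11y) else "none"

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST), privileged_components(SAMPLE_MANIFEST))
```

Legitimate apps (device management agents, screen readers) declare one or the other, so a "high" result is a prompt for manual review, weighed together with the fact that the app was offered outside Google Play.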

There is a glimmer of good news. This type of attack is quite old and Google has been protecting users for some time. DomainTools notes: “Since the deployment of Android Nougat, protection is in place against this type of attack. However, it only works if you have set a password. If you have not set a password on your phone to unlock the screen, you are still vulnerable to CovidLock ransomware.”

The group also said it is working to publish the decryption key for free so that the cybercriminals behind the tool do not profit from it.

This all serves as a useful reminder to only download apps from trusted sources like Google Play.

