comscore Coronavirus Tracker app is a malicious ransomware | BGR India
News

Coronavirus Tracker app on Android is a malicious ransomware; security researchers explain how to unlock affected devices

Coronavirus Tracker app locks victim's device and requests $100 in random. Here is how you can avoid becoming a victim.

  • Published: March 18, 2020 11:28 AM IST
ransomware-coronavirus-outbreak

Photo: Pixabay


Coronavirus has become the biggest talking point around the world right now. At the time of writing, there are around 1,98,601 COVID-19 cases around the world. The number of deaths caused by the outbreak stands at 7,988. While countries struggle to contain the virus, COVID-19 is being weaponized as a ransomware. A malicious Coronavirus Tracker app is nothing but a ransomware, says a new report from ESET research.


The malicious app reportedly locks the smartphone of the users as soon as they install it. When you try to open your smartphone, the app asks for ransom. Malware researcher Lukas Stefanko notes that those affected can use “4865083501” code to unlock their devices. The key is said to be hardcoded. In a separate blog, the researchers note that the malicious app is titled “CovidLock” because of the malware’s capabilities and its background story.

Cybercriminals try to strike gold when people are at their most vulnerable. As Coronavirus continues to spread and people are asked to practice social distancing and work from home, cybercriminals are trying to exploit this opportunity. Since the outbreak, DomainTools’ researchers have seen a spike in domain names leveraging Coronavirus and COVID-19. One such domain (coronavirusapp[.]site) claims to have a real-time outbreak tracker available in the form of an app for mobile devices.

The domain prompts users to download an Android app that gives access to a Coronavirus map tracker. The app, in reality, is an Android ransomware. It uses techniques to deny the victims access to their phone by forcing a change in the password used to unlock the phone. This is known as screen-lock attack and has been used to exploit Android devices before. The ransomware requests $100 in bitcoin in 48 hours and threatens to erase your contacts, pictures and videos as well as the phone’s memory.

The researchers further note that Google has built a protection in place against this type of attack since the release of Android Nougat. It only works if you have set a password on your phone to unlock the screen. The researchers at DomainTools have reverse engineered the decryption keys and are monitoring transactions to the BTC wallet. In order to stay safe, it is recommended that you only use trusted information sources. Also download applications from the Google Play Store only.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel.
  • Published Date: March 18, 2020 11:28 AM IST