Coronavirus has become the biggest talking point around the world right now. At the time of writing, there are around 1,98,601 COVID-19 cases around the world. The number of deaths caused by the outbreak stands at 7,988. While countries struggle to contain the virus, COVID-19 is being weaponized as ransomware. A malicious Coronavirus Tracker app is nothing but ransomware, says a new report from ESET research.
The malicious app reportedly locks users' smartphones as soon as they install it. When you try to open your smartphone, the app asks for a ransom. Malware researcher Lukas Stefanko notes that those affected can use the code “4865083501” to unlock their devices. The key is said to be hardcoded. In a separate blog, the researchers note that the malicious app is titled “CovidLock” because of the malware’s capabilities and its background story.
Cybercriminals try to strike gold when people are at their most vulnerable. As Coronavirus continues to spread and people are asked to practice social distancing and work from home, cybercriminals are trying to exploit this opportunity. Since the outbreak, DomainTools’ researchers have seen a spike in domain names leveraging Coronavirus and COVID-19. One such domain (coronavirusapp[.]site) claims to have a real-time outbreak tracker available in the form of an app for mobile devices.
#ESETresearch ALERT: #COVID19 #Android #Ransomware: If you installed malicious Coronavirus Tracker app that locked your smartphone and requested ransom, use “4865083501” code to unlock it. Key is hardcoded. @LukasStefanko Details: https://t.co/6fIm5STFIU pic.twitter.com/ojkRkGznPN
— ESET research (@ESETresearch) March 17, 2020
The domain prompts users to download an Android app that gives access to a Coronavirus map tracker. The app, in reality, is Android ransomware. It denies victims access to their phone by forcing a change in the password used to unlock the phone. This is known as a screen-lock attack and has been used to exploit Android devices before. The ransomware demands $100 in bitcoin within 48 hours and threatens to erase your contacts, pictures and videos as well as the phone’s memory.
The researchers further note that Google has had a protection in place against this type of attack since the release of Android Nougat. It only works if you have set a password on your phone to unlock the screen. The researchers at DomainTools have reverse engineered the decryption keys and are monitoring transactions to the BTC wallet. To stay safe, it is recommended that you only use trusted information sources and download applications only from the Google Play Store.
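As an added example (not code from ESET, DomainTools or the app itself), the following triage sketch shows how a defender could check a decoded APK for the capability behind a screen-lock attack and whether the Nougat protection described above would apply to a given device. It assumes the password change is requested through Android's device-administrator API, which the article does not state; the manifest, the policy file and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
RISKY = {"reset-password", "force-lock", "wipe-data"}  # real device-admin policy tags

# Constructed sample of a decoded AndroidManifest.xml (not from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tracker">
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/policies"/>
    </receiver>
  </application>
</manifest>"""

# Constructed sample of the policy file the receiver points at (res/xml/policies.xml).
SAMPLE_POLICIES = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies><reset-password/><force-lock/></uses-policies>
</device-admin>"""

def admin_receivers(manifest_xml):
    """Names of receivers that can be activated as a device administrator."""
    root = ET.fromstring(manifest_xml)
    return [r.get(A + "name") for r in root.iter("receiver")
            if r.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"]

def requested_policies(policies_xml):
    """Policy tags declared under <uses-policies>."""
    node = ET.fromstring(policies_xml).find("uses-policies")
    return set() if node is None else {child.tag for child in node}

def triage(manifest_xml, policies_xml):
    """Summarise what the app could do to the lock screen if granted admin."""
    receivers = admin_receivers(manifest_xml)
    risky = requested_policies(policies_xml) & RISKY if receivers else set()
    return {"admin_receivers": receivers, "risky_policies": sorted(risky),
            "can_change_screen_lock": "reset-password" in risky}

def device_exposed(report, api_level, has_screen_lock):
    """Nougat is API 24; its protection applies only when a lock is already set."""
    protected = api_level >= 24 and has_screen_lock
    return report["can_change_screen_lock"] and not protected

if __name__ == "__main__":
    report = triage(SAMPLE_MANIFEST, SAMPLE_POLICIES)
    print(report)
    print("Android 6, PIN set:", device_exposed(report, 23, True))
    print("Android 7, PIN set:", device_exposed(report, 24, True))
    print("Android 9, no PIN:", device_exposed(report, 28, False))
```

The last case is the one the article's caveat is about: a recent Android version with no screen lock configured is still reported as exposed.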