COVID-19 tracking app installs ransomware on your smartphone; be careful

When news of international relevance emerges, cybercriminals often try to take advantage of it to deceive people concerned about a particular issue, and the recent global coronavirus emergency is no exception. DomainTools, a renowned malware reverse engineering firm, has published a report detailing an increase in the registration of malicious and fraudulent web domains with names containing words such as “coronavirus” and “COVID-19”.

The virus outbreak has generated millions of daily Internet searches, so threat actors try to redirect some of those searches to fraudulent pages. Through constant monitoring of these domains, the malware reverse engineering firm discovered one in particular: coronavirusapp(.)com. This website claims to offer a real-time outbreak and infection tracker, available by downloading an application.

SOURCE: DomainTools
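The keyword monitoring described above can be sketched as a triage pass over a feed of newly registered domains. This is an added example, not DomainTools' tooling or code from the report; every feed entry except the article's defanged domain is constructed, and the folding of look-alike digits is an assumption about how such names get disguised.

```python
import re

# Keywords come from the article; the digit look-alike folding is an assumption.
KEYWORDS = ("coronavirus", "covid-19")
FOLD = str.maketrans("01345", "oieas")

def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'hxxp://site(.)com/x' into a bare host name."""
    s = indicator.strip().strip("<>").lower()
    s = re.sub(r"[\[\(]\s*(?:\.|dot)\s*[\]\)]", ".", s)  # (.) [.] (dot) [dot]
    s = re.sub(r"^[a-z]+://", "", s)                      # http://, hxxps://, ...
    return re.split(r"[/:?#]", s, maxsplit=1)[0].strip(".")

def canonical(text: str) -> str:
    """Drop separators and fold digits so 'c0vid-19' and 'covid19' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower()).translate(FOLD)

def themed_keywords(indicator: str) -> list[str]:
    """Return the outbreak keywords found in the host name, ignoring the TLD."""
    labels = refang(indicator).split(".")
    name = canonical("".join(labels[:-1]))
    # Keywords are folded the same way, so matching is symmetric.
    return [k for k in KEYWORDS if canonical(k) in name]

def triage(feed: list[str]) -> dict[str, list[str]]:
    """Map each suspicious host in the feed to the keywords it matched."""
    hits = {}
    for entry in feed:
        matched = themed_keywords(entry)
        if matched:
            hits[refang(entry)] = matched
    return hits

# Constructed sample feed; only the first entry appears in the article.
SAMPLE_FEED = [
    "<<coronavirusapp(.)com>>",
    "hxxp://c0vid-19-tracker[.]example/app.apk",
    "covid19.map.example",
    "discovideo.example",   # contains 'covid' but not 'covid-19': not flagged
    "weather.example",
]

if __name__ == "__main__":
    for host, words in triage(SAMPLE_FEED).items():
        print(f"{host.replace('.', '[.]')}: {', '.join(words)}")
```

Matching on the full "COVID-19" token rather than the bare substring "covid" keeps unrelated names such as the constructed "discovideo" entry out of the review queue.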

The unfortunate visitors to this site are encouraged to download an application for Android devices with which they would be able to access a world map with COVID-19 indicators updated in real time, including charts and heat maps of the locations with the highest presence of coronavirus.


What the victims of this scam actually download is a variant of ransomware for mobile devices. Researchers have dubbed this malware “CovidLock”, due to its characteristics and for taking advantage of the global COVID-19 outbreak.

According to the software reverse engineering firm, after being installed on the victim’s device, CovidLock manages to force a reset of the password used to unlock the device; similar infection methods reported before have been identified as screen lock attacks, mainly affecting Android users.

After the password reset, the victim is shown the ransom note, in which the hackers demand a $100 USD payment in Bitcoin, in addition to setting a 48-hour deadline to complete the transfer. Otherwise, attackers threaten to delete all information from the infected device, in addition to publishing private information of the victims.


Researchers have notified Android and have even begun monitoring the activity of the cryptocurrency address employed by the hackers, so more details could be revealed shortly.

The International Institute of Cyber Security (IICS) recommends that users not install applications from unknown sources, as this is the main attack vector against mobile devices. In addition, for users concerned about the coronavirus outbreak, it is always best to wait for official updates from health authorities.