The Coronavirus pandemic sweeping the globe right now is a time for humanity to come together. But we apparently have some cybercriminals who are attempting to milk this crisis for what it is worth. This time around, it is a domain called coronavirusapp[.]site that claims to have a real-time Coronavirus outbreak tracker available via an app download. Beware, it does absolutely no such thing. In fact, security researchers at DomainTools warn us that downloading this ransomware app or giving it any permissions whatsoever on your phone will mean the cybercriminals will have complete control over your phone. They then request $100 in Bitcoin within 48 hours to allow you to unlock your phone.
When you access this domain, you will most likely be urged to download an app that promises to scan your area and tell you when a Coronavirus infected or Coronavirus patient, is nearby. On the face of it, the tracker that you see here looks genuine, with a lot of statistics about the spread of the Coronavirus around the world. “In reality, the app is poisoned with ransomware. This Android ransomware application, previously unseen in the wild, has been titled “CovidLock” because of the malware’s capabilities and its background story. CovidLock uses techniques to deny the victim access to their phone by forcing a change in the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before on Android ransomware,” say the researchers.
The ransomware, after locking down your phone, demands $100 payment via Bitcoins before you will be allowed access to your phone’s contents again. The demand also comes with a threat—pay now or all contacts, photos and messages from the hacked phone will be erased and all social media accounts will be made public. The researchers though say that if you have already set a password on your Android phone, you might be safer still as the malware app may not be able to override that.
Researchers say they have reverse engineered the decryption keys and are also monitoring the transactions of this Bitcoin wallet and promise these details will be made public soon. In the meantime, only download apps from the Google Play Store.