Malicious COVID-19 Tracking App Locks Phones, Demands €100 in Bitcoin

The impact of the coronavirus pandemic is being felt in almost every country in the world. As some people get sick, others are isolating to reduce the risk of infection, and millions of people around the world have to work from home and change their travel plans. And, as is often the case, there are malicious groups ready to take advantage of the chaos and confusion caused by the spread of the virus. Aware that people are afraid and looking for information, cybercriminals lure victims with the promise of a coronavirus app for Android that is actually ransomware.

Apple and Google have been proactive in removing coronavirus-related apps and games to prevent fake tools from reaching their respective stores. Apple has set strict limits on COVID-19 apps so that only tools from official sources are allowed, but that hasn't stopped criminals from finding other ways to take advantage of the coronavirus crisis.

DomainTools security researchers not only noticed a recent increase in the number of coronavirus-related domains, but also spotted one in particular, coronavirusapp.site, which claims to offer real-time tracking of COVID-19 cases via an Android application available for download outside of Google Play. In reality, the application is ransomware that has been dubbed CovidLock.

False coronavirus tracking

The ransomware takes advantage of the fact that millions of people are hungry for information and advice on the spread of the coronavirus. Once installed, the app asks for various permissions that it says are required to be able to send notifications. In reality, the requests to turn on accessibility settings and activate lock screen are just a ploy to force a change of the password on the victim's lock screen. Once the password has been changed, the application reveals what it really is: ransomware. A €100 (about $80, AU$160) Bitcoin payment is required to decrypt the data, with the threat of everything being deleted if payment is not made within 48 hours.

There is a glimmer of good news. This type of attack is quite old and is something that Google has been protecting users from for some time. DomainTools notes: "Since the implementation of Android Nougat, there is protection against this type of attack. However, it only works if you have set a password. If you have not set a password on your phone to unlock the screen, you are still vulnerable to CovidLock ransomware".

The group also claims that it is trying to publish the decryption key for free so that the cybercriminals behind the tool do not profit from it. All of this serves as a helpful reminder to only download apps from trusted sources like Google Play.

Via Android Police
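As an added example (not from the article or from DomainTools), a defender triaging a sideloaded APK can check its decoded AndroidManifest.xml for the two capabilities described above. It assumes the accessibility request maps to a component guarded by BIND_ACCESSIBILITY_SERVICE and the lock screen request to one guarded by BIND_DEVICE_ADMIN; the sample manifest and its component names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: these binding permissions gate the two capabilities the article names.
RISKY_BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_DEVICE_ADMIN": "device administrator",
}

# Constructed sample manifest (hypothetical package and component names).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tracker">
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""


def find_risky_components(manifest_xml):
    """Return sorted (capability, tag, component name) for flagged components."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for elem in root.iter():
        perm = elem.get(ANDROID_NS + "permission")
        if perm in RISKY_BINDINGS:
            name = elem.get(ANDROID_NS + "name", "?")
            findings.append((RISKY_BINDINGS[perm], elem.tag, name))
    return sorted(findings)


def triage(manifest_xml):
    """'high' if both capabilities are declared, 'review' if one, else 'none'."""
    findings = find_risky_components(manifest_xml)
    capabilities = {capability for capability, _, _ in findings}
    if len(capabilities) == len(RISKY_BINDINGS):
        return "high", findings
    return ("review" if capabilities else "none"), findings


if __name__ == "__main__":
    verdict, findings = triage(SAMPLE_MANIFEST)
    print(verdict)
    for capability, tag, name in findings:
        print(f"  {capability}: <{tag}> {name}")
```

Either capability on its own is common in legitimate apps, so only the combination in an app installed from outside Google Play is treated as high priority here.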