Coronavirus is the new buzzword out here, taking over the world by storm. While it is important for us to be aware of the virus taking over the world, attention needs to be paid towards entities that wish to use this word to take advantage of the fear and exploit it.
In the latest news from the cybersecurity front, a website(coronavirusapp[.]site) that advertises itself to be a coronavirus ‘real-time’ case tracking service for mobile devices turned out to be ransomware. To encourage downloads, it features vital statistics of the disease and a heat map of the outbreak hotspots. However, the app locks a user’s phone and demands a ransom of $100 in the form of bitcoin within 48 hours.
The researchers at DomainTools were behind revealing the identity of the app. Dubbing the app CovidLock, the researchers, on their blog, detailed how the app turns into a ransomware upon installation. The only sign it gives the users is when it forces them to change their device password, which is used to block their access to the device. This is how the ransomware executes itself. The app instils fear by claiming to delete the user’s contacts, photos, and memory. It also threatens to leak the details of the user’s social media on the internet.
“Your GPS is watched and your location is known, if you try anything stupid your phone will be automatically erased,” says the ransom note in a desperate attempt to steal money from the victim.
However, while the attack might seem sophisticated and planned well, a senior security engineer at the firm disagrees. Tarik Saleh explained that in reality, none of the files on the infected device were encrypted. Android Nougat has been tailored against attacks of this nature and all it requires is that the user has a password set for the device, Saleh explains. In short, as long as you are on Android N or above and have a password set, you are safe from this ransomware.
This app is not the first one to have exploited the fear of COVID-19 to only use it to spread malware and steal personal information. There was the Azorult malware which also featured live tracking of coronavirus cases. In January of this year, the Emotet banking trojan was used to spread fear and infect the user’s phone.
If you are looking for a solution to this ransomware then you’re in luck, A Reddit user reverse-engineered the app to find out the correct password – 4865083501.
Further, if you seek a credible source for coronavirus tracking, visit this website instead, run by John Hopkins Coronavirus Resource Center
https://coronavirus.jhu.edu/map.html
In this time of unprecedented panic and misinformation, it helps to stay vigilant and cautious. Cybercriminals seek to exploit any chance to get into your devices and cause mayhem, no matter the cost. Always have the software on the device updated to protect your data and stay safe.