The COVID-19 pandemic has been all over the news, with several countries going into severe lockdown. Amid all of the panic and confusion, people have tried to benefit. Prices keep going up, and products (mainly antibacterial cleaning products) have become scarce. Additionally, an Android app on your smartphone could be benefitting. How? Read on…
This app is a COVID-19 tracker: it shows you where the Coronavirus is known to be spreading in your general area. This Android app seemed pretty useful, but it has turned out to be a facade. The app started locking users out of their phones, and its operators are demanding a RANSOM before the phones are unlocked again. This lock ransomware takes advantage of a security flaw, which it exploits to set its own lock password that the user isn’t able to guess on their own.
This malicious app isn’t found on the Play Store but is hosted at the coronavirusapp[.]site domain. This reinforces that downloading apps that are unsigned isn’t advisable (to say the least).
The website that hosts the coronavirus tracking app recently found out that this ransomware performs a screen-lock attack by forcing a change in the password. For anyone with Android Nougat and newer versions, the attack is only successful if you haven’t set a password in the first place. Older versions of Android are susceptible to the ransomware.
What happens if someone’s smartphone gets infected with the ransomware?
After a user has downloaded the fake Coronavirus tracker and been infected, the attackers demand $100 in Bitcoin, to be paid within 48 hours. If the amount isn’t paid, users are threatened with having their personal data claimed. The attacker(s) additionally claim to have the user’s GPS location at all times, and claim they could remotely wipe the Android phone.
The official message being sent by the coronavirus tracking app is: “Note: Your GPS is watched and your location is known. If you try anything stupid your phone will be automatically erased.”
A Reddit user known as luca020400 has said that the password is “4865083501”. Let’s hope it works for any of you out there who have been affected.