14 DAY TRIAL // A coronavirus tracking application is actually infecting Android devices with ransomware, with owners then asked to pay a $100 ransom to have their smartphones unlocked.
Coronavirus trackers are particularly popular these days, as many users look for such apps to keep an eye on the virus outbreak, so it’s not necessarily a surprise that malicious actors are trying to use this growing demand for such apps for their own benefit.
That’s the purpose of an application called CovidLock, which launches a screen lock attack that changes the password used to protect the device – if no password is configured, then the ransomware automatically sets one, essentially locking the device.
Decryption key found
Researchers explain in an analysis performed by DomainTools that owners of compromised devices are required to pay a $100 ransom in Bitcoin to have their smartphones unlocked. Otherwise, the attackers claim they would steal sensitive information like photos and contacts and even leak some details online.
“Your phone is encrypted: you have 48 hours to pay $100 in Bitcoin or everything will be erased. What will be deleted? Your contacts, your pictures and videos, all social media accounts will be leaked publicly and the phone memory will be completely erased,” the ransom note reads.
“Your GPS is watched and your location is known. If you try anything stupid, your phone will be automatically erased,” the attackers warn.
The good news is that DomainTools says its researchers already have the decryption keys for the ransomware.
“The DomainTools security research team has reverse engineered the decryption keys and will be sure to post the key publicly. The team also has the BTC wallet and is monitoring its transactions. Further technical details will be released soon,” they say.
In the meantime, what you can do is stay away from apps coming from sources that you don’t trust. And of course, double-check the permissions for each app you install on the smartphone.