New Android ransomware poses as coronavirus tracking app

We’ve seen loads of coronavirus apps pop up on mobile app stores in recent months, as the pandemic continues to sweep around the world. Google has taken steps to remove the more questionable apps from the Play Store, but it looks like one Android app on the web is actually ransomware.

Security company DomainTools (h/t: SC Magazine) spotted ransomware called CovidLock that poses as a coronavirus tracking app. The app, which is available on coronavirusapp[.]site, prompts users to give accessibility and lockscreen permissions.

Unfortunately, the ransomware locks users out of their phones by adding a password to the device. The criminals behind CovidLock then urge victims to pay $100 in Bitcoin within 48 hours to regain access. Furthermore, they warn users that contacts, pictures, and other content will be deleted and social media accounts will be leaked.

Thankfully, DomainTools says Android Nougat protects against this so-called screen-lock attack, but adds that you need to set a password on your phone for this protection to be effective. The security firm also says it’s reverse engineered the decryption keys for the ransomware and will post it publicly (although a redditor has posted the apparent password too).

Otherwise, the company suggests that you stick to the Play Store for your app needs and only use resources from governments and health institutions.

“Cybercriminals like to exploit people when they are at their most vulnerable. They use dramatic events that cause people to be emotional or fearful to drive their profits. Any time there are major news cycles happening on a topic that stirs a strong reaction, cybercriminals will not be far behind,” the firm adds.

You should therefore be careful about clicking any links or downloading resources that claim to be coronavirus-related, as cyber-criminals create sketchy resources that look and feel like official tools.