Coronavirus Pandemic: At the time when the novel Coronavirus which was declared Pandemic last Wednesday by the World Health Organisation (WHO) has infected hundreds of thousands of people all across the globe and have affected the lives of millions more. However, some people, instead of coming together and help do something constructive, are taking advantage.
A domain called coronavirusapp[.]site is claiming to provide a real-time Coronavirus outbreak tracking and is available via an app which a user needs to download.
Beware, this app does no such thing!
As a matter of fact, the security researchers at DomainTools have issued a warning saying that the app is ransomware and if you give any permission over your phone will result in handing control of your phone and the data inside it to Cybercriminals. The cybercriminals then ask the owner of the phone to pay $100 via Bitcoin within 48 hours to unlock the device.
When a person accesses the above mentioned domain, you will be asked to download the application with claims that the application will scan your area and then inform about any Coronavirus infected patients nearby. For the show of it, the tracker that you would see will look authentic and will show a lot many statistics about the spread of the COVID-19 pandemic.
The researchers say that ‘In reality, the app is poisoned with ransomware. This Android ransomware application, previously unseen in the wild, has been titled “CovidLock” because of the malware’s capabilities and its background story. CovidLock uses techniques to deny the victim access to their phone by forcing a change in the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before on Android ransomware,”.
This ransomware, once it locks down your device, will demand $100 in Bitcoin from you before you will be allowed to access your device again. The demand comes with a threat saying – pay now or all the contacts, messages, and photos from the hacked device will be erased and all the social media accounts will be made public.
However, the researches say that if you have set a passcode on your device, you will be relatively safer as the malware may not be able to override it.
Researchers claim that they have reverse-engineered the decryption keys and are also keeping a lookout on the Bitcoin transactions of this wallet. They promise that the details will soon be made public.
We advise everyone to only download the apps from the Google Play Store.