Coronavirus tracking app for Android is a ransomware in camouflage

An android application which facilitates the coronavirus infection tacker appears to be a ransomware in disguise, as it locks the devices and asks for ransom. Named as CovidLock, the app locks the android devices and asks for a ransom of $100 in bitcoin and had to be credited at a BTC address mentioned in the ransom note.

Good news is that the app is not available in the Google Play Store, and can only be downloaded from the coronavirusapp website directly. First discovered by DomainTools, the CovidLock app is leveraging the pandemic buzz and distributing the ransomware in android devices.

How does this android ransomware work?

This app needs to be downloaded from the malicious coronavirus tracking website named ‘coronavirusapp[.]site ‘. Once downloaded and installed in the android device, the ransomware automatically locks your device with a passoword and leaves a ransom note asking the victims to pay the ransom. However, this ransomware does not work if the android device already has a password . 

The attacker gives just 24 hours for the victims to pay the ransom, if anything gets delayed or any sudden movements are absorbed through GPS (which attackers are tracking) then the documents, photos, and any social media data will be erased forever. 

How to prevent android threats?

Android users should make sure they have their passwords ON, and install an antivirus solution in their devices. They should avoid downloading APK files from unknown sources, and should disable ‘allow download from unknown sources’ in their android device settings. 

Cybercriminals are actively looking for ways to leverage on people’s anxiety and fear, to make money. It is individuals responsibility to ensure they keep their devices secured from APK threats like this. Organizations that are managing users device like CYOD, COPE and BYOD, please ensure you add this app into your blacklists. Furthermore, deploy policies to restrict downloads from Play Store only.

Subscribe to ‘The Cybersecurity Times’, for daily alerts on cyber events. You can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.