Ransomware pretending to be a new corona virus application is threatening people’s wallets

According tomedia reports, the new coronavirus pandemic has caused confusion to a considerable number of people. To better cope with this situation, some people are using mobile apps to track the spread of disease. However, these users were surprised to find that they may have accidentally installed a malware app.

Ransomware pretending to be a new corona virus application is threatening people's wallets

An Android app called COVID19 Tracker advertises itself to people worried about a virus outbreak. Users get a link to COVID19 Tracker while searching for an app that shows the spread of the virus. However, users can’t download the app on the Google Play Store and need to go to the app site. When users download and open an app, they have an unpleasant surprise. Like other applications, COVID19 Tracker requires a device license, but once it does, it starts a program called CovidLock. CovidLock threatens to ask users to pay $100 in Bitcoin within 48 hours, or else delete all data on their phones.

CovidLock is a malware called ransomware that hijacks a user’s data until the user pays a ransom. Often, ransomware targets businesses because they have more financial or capacity, but CovidLock targets individual users.

It is understood that CovidLock will be locked on the user’s mobile phone after being opened by the user, after which the user can only enter the decryption key to use. If the user pays a Bitcoin ransom via a link on the screen, the app will provide the user with the key. DomainTools, a cybersecurity firm, found the decryption code by reverseengineering the app: 4865083501.

Ransomware pretending to be a new corona virus application is threatening people's wallets

In fact, since the launch of Android Nougat in 2016, Android phones have built in protection against screen lock attacks such as CovidLock. But if the user doesn’t set a password for their phone, these protections won’t work.

In addition, DomainTools managed to access bitcoin wallets connected to CovidLock. The team is monitoring any activity that takes place above to see if the hackers have successfully extorted money. On March 16, local time, the COVID19 Tracker website was shut down.

In fact, COVID19 Tracker isn’t the only malware associated with the new corona virus. Another Android app, called Corona Live 1.1, provides actual virus data, but it installs spyware on the user’s phone. Like COVID19 Tracker, users must download to Corona Live 1.1 from the app website or the third-party app store, not through the Google Play store.

While counterfeit apps and other forms of malware may be on the rise, users can take steps to avoid them. In order to obtain information about the spread of the new coronavirus, people should only turn to reliable sources, such as official medical institutions and government agencies, which have accurate data on it. In addition, downloaded mobile apps can only come from the official app store, not from a third party.

A recent study found that apps and websites whose names are associated with the new corona virus are 50 percent more likely to spread malware than other domain names.

Even the most basic security measures can effectively prevent the spread of malware and counterfeit applications. If users enable all security features on their phones and restrict app permissions, they avoid many potential security issues.