You can always count on hackers to exploit a terrible situation to try to make a buck.
A new Android app that promises to deliver up-to-date figures on the coronavirus pandemic includes a strain of malicious software that locks up a user’s phone and demands an extortion fee. The ransomware app, called CovidLock, threatens to erase everything on an infected phone if victims don’t pay $100 in bitcoin within 48 hours, according to the security firm DomainTools.
The number of users affected remains unclear. The app is not available in the Google Play store; it was accessible on a standalone website.
DomainTools has said it intends to release a decryption tool for affected victims, while Reddit users claim to already have deciphered the password to release locked data.
The program is only scammers’ latest attempt to use concerns around the COVID-19 virus to defraud anxious technology users.
Scams, misinformation campaigns, attempted hacks and government surveillance operations have followed the respiratory virus’ spread across the globe. No fewer than four cybersecurity companies detected hacking efforts last week, including spearphishing campaigns that impersonated public health officials from the U.S. and beyond. In one example, hackers cloaked malicious software behind their own version of a global map first published by Johns Hopkins University meant to track COVID-19’s spread.
Operators behind CovidLock played on the same concern and curiosity by claiming they would track the location of victims’ phones, then delete their photos, social media accounts and pictures if no bitcoin payment came through.
The app is the latest proof that trusting Google’s Play store and the App Store as gatekeepers is one way to mitigate the risk of inadvertently downloading malware. While scammers have proven capable of slipping through security controls in both markets, Google and Apple have checks in place meant to stifle this kind of behavior, and then delete nefarious programs that do surface.