Ransomware hidden in a Coronavirus tracking app has been identified by cybersecurity threat researchers.
Opportunistic hackers are increasingly seeking to dupe victims using websites or applications purporting to provide information or services pertaining to coronavirus.
Cybersecurity threat researchers, DomainTools, have identified that the website coronavirusapp.site facilitates the installation of a new ransomware called “CovidLock.”
The website prompts its visitors to install an Android application that purportedly tracks updates regarding the spread of COVID-19, claiming to notify users when an individual infected with coronavirus is in their vicinity using heatmap visuals.
CovidLock ransomware launches screen lock attack on unwitting victims
Despite appearing to display certification from the World Health Organization and the Centers for Disease Control and Prevention, the website is a conduit for the ‘CovidLock’ ransomware — which launches a screen lock attack on unsuspecting users.
Once installed, CovidLock alters the lock screen on the infected device and demands a payment of $100 worth of BTC in exchange for a password that will unlock the screen and return control of the device to the owner.
If a victim does not pay the ransom within 48 hours, CovidLock threatens to erase all of the files that are stored on the phone — including contacts, pictures, and videos.
The program displays a message intended to scare users into compliance with its demand, stating: “YOUR GPS IS WATCHED AND YOUR LOCATION IS KNOWN. IF YOU TRY ANYTHING STUPID YOUR PHONE WILL BE AUTOMATICALLY ERASED.”
DomainTools claims to have reversed engineered the decryption keys for CovidLock, adding that they will publicly post the key.
Coronavirus-themed website are 50% more likely to be malicious
According to cyber threat analyst, Check Point, coronavirus-themed domains are 50% more likely to be a front for malicious actors than other websites.
Since January 2020, the firm estimates that more than 4,000 domain names that relate to the coronavirus have been registered globally — 3% of which are deemed to be “malicious,” and 5% of which are described as “suspicious.”
U.K. public lose $1 million to coronavirus scams
On March 11, the U.K. Financial Conduct Authority warned of an increasing proliferation of coronavirus-themed scams – including investment scams fraudulently offering investments in crypto assets.
According to the U.K. National Fraud Intelligence Bureau (NFIB), many malicious sites are offering maps and visualizations tracking the spread of coronavirus — much like CovidLock. An NFID representative stated:
“They claim to be able to provide the recipient with a list of coronavirus infected people in their area. In order to access this information, the victim needs to click on a link, which leads to a malicious website, or is asked to make a payment in bitcoin.”
The NFIB estimates that coronavirus-themed scams have already defrauded the British public out of roughly $1 million.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.