COVID19 TRACKER APP

The recently discovered ransomware performs a screen-lock attack by forcing a change in the password required to unlock a phone, according to DNS threat intelligence company Domain Tools and  by Tarik Saleh, senior security engineer and malware researcher. For Android Nougat devices and later versions, the attack only works if the user never bothers to set a password in the first place.

The malicious app was discovered and disclosed by the researchers at DomainTools, who came across the website coronavirusapp[.]site with the app available for install. “The domain prompts users to download an Android App,” the team explains, “that will give them access to a Coronavirus map tracker that appears to provide tracking and statistical information about COVID-19, including heatmap visuals.”

Victims of the app are given a 48-hour deadline to pay a $100 ransom in bitcoin. To ratchet up the stakes, the ransomware program also threatens to erase one’s contacts, photos, videos and memory, as well as leak the victim’s social media accounts. “Note: Your GPS is watched and your location is known. If you try anything stupid your phone will be automatically erased,” the ransom note also states.