Ransomware posing as a coronavirus app is threatening people for money
The coronavirus pandemic has created some confusing times. Trying to get a better handle on the situation, some people have looked to mobile apps to track the spread of the disease. These users were shocked to find they had accidentally installed a malware app instead.
An Android app called "COVID19 Tracker" marketed itself as a virus map to people worried about the outbreak. Users searching for an app to show the spread of the virus found a link to COVID19 Tracker, which claimed to do just that. Instead of getting it from the Google Play Store, they would have to download it directly from the website. Once users downloaded and opened the app, they found an unpleasant surprise. COVID19 Tracker, like any other app, asked for device permissions, but once it gained this permission, it launched a program called "CovidLock." CovidLock threatened to delete all data from the phone unless users paid $100 in Bitcoin within 48 hours.
Ransomware Goes Mobile
CovidLock is a type of malware called ransomware, which holds users' data hostage until they pay a ransom. Ransomware typically targets businesses since they have more money or power to offer. But CovidLock went after individual users, probably in hopes that they would be less suspecting than a company.
After it opened, CovidLock would lock users' phones, so they couldn't use it until they entered a decryption key. The app would give users the key if they paid the Bitcoin ransom through a link on the screen. Web security company DomainTools reverse-engineered the app to find the decryption code: 4865083501.
Since Android Nougat released in 2016, Android phones have built-in protection against screen-lock attacks like CovidLock. But if users haven't set a password for their phone, then these protections won't work.
DomainTools also managed to access the Bitcoin wallet connected to CovidLock. The team is monitoring it for any activity to see if the hackers successfully extort any money. The COVID19 Tracker website was taken down by the afternoon on March 16.
A Growing Number of Malware Apps
COVID19 Tracker isn't the only coronavirus-related malware app out there. Another Android app called "Corona Live 1.1" presented actual virus data, but installed spyware on the user's phone. Like with COVID19 Tracker, users would have to download Corona Live 1.1 from a website or third-party app store instead of the Google Play Store.
Google's App Defense Alliance has noticed a growing number of malware apps and scams related to COVID-19. The hackers and scammers behind these apps are trying to take advantage of people's concerns during this confusing time. Amid the chaos, people may not think twice before installing suspect software.
Defending Against Malware
Fake apps and other forms of malware may be on the rise, but users can take steps to avoid them. To get information on the spread of COVID-19, people should turn to established trusted sources only. Medical institutions and government agencies will have accurate data on the matter.
Mobile apps should only come from official app stores. If it isn't listed on the Google Play Store or Apple's App Store, there's a high chance that it could be a scam. Users should also take the time to study any app for suspicious signs before downloading.
A recent study found that apps and sites with coronavirus-related names are 50 percent more likely to spread malware than other domains. Anything purporting to be a resource on the virus should be subject to extra scrutiny. In times of panic, hackers and scammers thrive.
Even basic security practices can be effective against the spread of malware and fake apps. If users use all of their phones' security features and limit apps' permissions, they can avoid many potential security issues. Malware apps may be rampant, but they don't have to be effective.
Image Credit: DomainTools
Kayla Matthews is a senior writer at MakeUseOf and a freelance writer for Digital Trends. To read more from Kayla, visit her website productivitybytes.com.