The new coronavirus pandemic has caused confusion for a considerable number of people. To better cope with this situation, some people are using mobile apps to track the spread of the disease. However, these users were surprised to find that they might have accidentally installed a malware application.
An Android app called "COVID19 Tracker" presents itself as a virus map to people who are worried about the outbreak. Users were given a link to COVID19 Tracker when searching for an application showing the spread of the virus.
However, users cannot download the app from the Google Play Store and need to go to the app's website.
When users download and open the app, they get an unpleasant surprise.
Like other applications, COVID19 Tracker asks for device permissions, but once they are granted, it launches a program called "CovidLock". CovidLock demands that users pay $100 in bitcoin within 48 hours, threatening that otherwise all data on their phones will be deleted.
CovidLock is a type of malware called ransomware that hijacks user data until the user pays a ransom.
Normally, ransomware targets businesses because they have greater financial resources or capabilities, but CovidLock targets individual users.
CovidLock locks the user's mobile phone once the app is opened, after which the phone can only be used by entering the decryption key. If the user pays the bitcoin ransom via a link on the screen, the app provides the user with the key. Network security company DomainTools found the decryption code by reverse engineering the application: 4860835501.
In fact, since the release of Android Nougat in 2016, Android phones have built-in protection against screen lock attacks such as CovidLock. But if users do not set a password for their phones, these protections will not work.
In addition, DomainTools managed to access a Bitcoin wallet connected to CovidLock. The team is monitoring it for activity to see whether the hacker successfully extorted money. As of March 16, local time, the COVID19 Tracker website has been shut down.
In fact, COVID19 Tracker is not the only malware associated with the new coronavirus. Another Android app called "Corona Live 1.1" provides actual virus data, but it installs spyware on users' phones.
As with COVID19 Tracker, users must download Corona Live 1.1 from the app's website or a third-party app store, not through the Google Play Store.
Although counterfeit applications and other forms of malware may be on the rise, users can take steps to avoid them.
To obtain information on the spread of the new coronavirus, one should only turn to reliable sources, such as official medical institutions and government agencies, which have accurate data on it. In addition, mobile applications should only be downloaded from the official app store and not from third parties.
A recent study found that apps and websites with names related to the new coronavirus are 50% more likely to spread malware than other domain names.
Even the most basic security measures can effectively prevent the spread of malware and counterfeit applications.
If users enable all the security features on their phones and restrict app permissions, they can avoid many potential security issues.