DELETE this app right now: Coronavirus tracker locks Android phones, demands ransom

A seemingly-useful Android app that claims to be showing the spread of coronavirus in your general area is reportedly locking users out of their devices and requiring ransom to unlock the phones. The so-called CovidLock ransomware takes advantage of a security flaw and creates a bespoke screen lock password that the user can't guess on their own. 

The malicious app claims to show a heatmap with COVID-19 cases around the user and is not found on the Google Play Store. Instead, it was hosted at the coronavirusapp[.]site domain. A kind reminder that downloading unsigned apps from outside the Play Store is not recommended. 

Newly discovered ransomware performs a screen-lock attack by forcing a change in the password required to unlock a phone, explains DNS threat intelligence company DomainTools today in a blog post authored by Tarik Saleh, senior security engineer and malware researcher. For Android Nougat devices and later versions, the attack only works if the user has never bothered to set a screen lock password in the first place. However, older devices are more vulnerable to the flaw. 

Once a phone gets infected by the coronavirus tracker, the unlucky users are asked for a $100 in bitcoin to be paid within 48 hours in order to remove the custom screen lock. Staying true to their lowly methods, the attackers are also threatening the victims to claim hold of their personal data, like photos, videos, social media accounts, and so on, as well as claiming they have a hold of their GPS location at all times and could remotely wipe the infected Android phone.  

“Note: Your GPS is watched and your location is known. If you try anything stupid your phone will be automatically erased,” claims the pathetic ransomware app.



To protect yourself, don't download any shady apps outside of the Play Store and don't buy into the panic!