DELETE this app right now: Coronavirus tracker locks Android phones, demands ransom

DELETE this app right now: Coronavirus tracker locks Android phones, demands ransom
Update: According to Reddit user luca020400, the hard-coded password is "4865083501".

The world is paralyzed in the clutches of the COVID-19 pandemic right now, and a number of wrongdoers are trying their best to benefit from the panic and confusion that's running rampant. Aside from speculation and price-gouging with scarce hygiene products, scalpers are trying to take away one of the vital mediums of information spread - your smartphone. 

A seemingly-useful Android app that claims to be showing the spread of coronavirus in your general area is reportedly locking users out of their devices and requiring ransom to unlock the phones. The so-called CovidLock ransomware takes advantage of a security flaw and creates a bespoke screen lock password that the user can't guess on their own. 

The malicious app claims to show a heatmap with COVID-19 cases around the user and is not found on the Google Play Store. Instead, it was hosted at the coronavirusapp[.]site domain. A kind reminder that downloading unsigned apps from outside the Play Store is not recommended. 

Newly discovered ransomware performs a screen-lock attack by forcing a change in the password required to unlock a phone, explains DNS threat intelligence company DomainTools today in a blog post authored by Tarik Saleh, senior security engineer and malware researcher. For Android Nougat devices and later versions, the attack only works if the user has never bothered to set a screen lock password in the first place. However, older devices are more vulnerable to the flaw. 


Once a phone gets infected by the coronavirus tracker, the unlucky users are asked for a $100 in bitcoin to be paid within 48 hours in order to remove the custom screen lock. Staying true to their lowly methods, the attackers are also threatening the victims to claim hold of their personal data, like photos, videos, social media accounts, and so on, as well as claiming they have a hold of their GPS location at all times and could remotely wipe the infected Android phone.  


“Note: Your GPS is watched and your location is known. If you try anything stupid your phone will be automatically erased,” claims the pathetic ransomware app.



To protect yourself, don't download any shady apps outside of the Play Store and don't buy into the panic!

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless