We all expect some people to take advantage of people’s fears and anxieties by creating products that will supposedly remove that but in fact will add more to it. COVID-19 is probably the world’s biggest problem right now and some “geniuses” decided to create an app that will seemingly track it but is in fact a malware that will hold your device for ransom. There are actually a lot of fake apps out there right now but one of the more dangerous ones is the COVID19 Tracker app from the (coronavirusapp[.]site).
According to Domain Tools, when you get to the website mentioned above, you’ll see that they claim they have a real-time outbreak tracker and that you can download the app from there. It will prompt you to install the app that will supposedly give you access to a Coronavirus map so you can see all the statistical information that you may be craving for. When you say tracker you picture real-time information, graphics, heat map visuals, etc.
Instead what you’ll get is a ransomware that has now been named CovidLock and you will have to install it in your device. But what it will do is to deny you access to your phone by forcing a change in your unlock password. This is commonly known as a screen-lock attack and the good news is that you can be protected from it if you have Android Nougat 7.0 and above. But you also need to have a password set on your device, otherwise, you would still be vulnerable.
The ransomware will ask you for $100 in bitcoin within 48 hours. If you do not comply, they threaten to erase all of your phone’s data including contacts, pictures, videos, and maybe even your device’s entire memory. They may also even leak your social media accounts. Basically, this means doxxing you if you do not give their “ransom demand”. Domain Tools said they will soon release a decryption key.
How do you protect yourself from things like this? First of all, make sure that the website you’re visiting is a trusted information source. After all, you’re probably looking for more information about COVID-19 that’s why you went there. Second, only install apps from the Google Play Store and not from unverified sources. Hopefully, not a lot of people were tricked into putting their phones on ransom.