The Coronavirus pandemic doesn’t seem to be slowing down. As of now, the virus that originated in Wuhan, China, has killed over 5,800 people and infected over 153,000 globally.
While Coronavirus, aka COVID-19, is keeping the world wrapped up in terror, hackers are using the opportunity to steal user’s data and install ransomware on smartphones.
The security firm DomainTools found a website that promises to track Coronavirus cases with its Android app but instead installs ransomware.
The website “coronavirusapp[.]site” showcases certifications from the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC). Moreover, it claims its Android app has over 6 million reviews and a 4.4-star rating.
As per the app’s description, it sends notifications when it discovers a Coronavius patient in the vicinity. However, post-installation and approving various permissions, the user is hit with ransomware Covidlock that force changes the screen-lock.
The victim is given a 48-hour deadline and blackmailed to erase phone data, along with leaking social media accounts, if the hacker is not paid $100 bitcoin in return.
Thankfully, no case of successful money extraction has been reported so far. Meanwhile, the security firm claims to have reverse-engineered the decryption keys and intends to post them publicly. Moroever, it is keeping a tap on the attacker’s bitcoin account.
This is not the first time the fear of Coronavirus is being used to fool people. A fake Coronavirus Map surfaced online that installed malware on PCs to steal passwords.
DomainTools notes that an alarming number of domains are being registered around Coronavirus. “These registrations have peaked significantly in the past few weeks, and many of them are scams.”
Recently, Iran launched a similar app that promised to tell people if the Coronavirus has infected them, but instead, it only collected location data of millions of Iranian citizens.
