⋮    ⋮  

Fake COVID-19 Tracking App Found to Infect Android Phones With Ransomware

Mar 16, 2020
Submit

Every catastrophic event is made worse by unscrupulous actors aiming to make a buck. We've seen several instances of people hoarding essential supplies and selling them at exorbitant prices online. Now, there's new ransomware floating about that doubles up as an app that claims to provide critical information about the COVID-19 epidemic.

The app claims to show a real-time spread of COVID-19 in your region

This website redirects you to download the infected app.

According to a report by Domain Tools, the app first made its appearance on a website (I haven't included the URL here for security reasons. You can find it on the link above if you want to know more about it) that redirects you to a third-party app repository. It isn't much of a red flag, considering that a lot of apps are hosted outside of the Play Store. However, once you install the app, it asks for a host of permissions, which are unnecessary for an app that just shows statistics.
Some of the claims that the app makes are downright outrageous. For example, the app claims that it can alert you when an infected individual is in your vicinity. Should you grant the app the permissions it asks for; it'll lock down your phone and display the following prompt.

Computex 2020 Cancelled Due to Covid-19

This shouldn't affect devices running Android Nougat 7.0 or newer, as there are provisions in place that allow you to recover your phone. However, you need a PIN/Password or Pattern set as your unlock method, without which, you risk losing your data. Domain Tools claims to have figured out the hack and will post a universal decryption code for it shortly.

Given the circumstances we're in, it is understandable that people will panic and overlook some basic checks that alert them about such scams. So, you should rely on trusted sources such as the WHO and CDC website for all your COVID-19-related information. Furthermore, try and avoid downloading apps from unknown sources outside of the Play Store. If you have to, you should stick to popular repositories such as APKMirror and F-Droid. While you're still here, consider donating a portion of your CPU and GPU to help fight the virus by going to this link.

Submit