If you are thinking of installing an app on your Android device from a third-party source to keep track of the coronavirus outbreak, think again. It has been discovered that CovidLock posing as a COVID-19 tracking app is a malicious ransomware Android app in disguise that is locking users out of their phones.
As Tarik Saleh, senior security engineer and malware researcher at DomainTools, explains in the blog post, CovidLock performs a screen-lock attack by forcing users to change the password of their device. On devices running Nougat or higher (Android 7.0+), the app only works if no unlock password was set by the user.
If you end up installing the CovidLock app on your Android device and if it manages to carry out a successful attack, you will be locked out of your device. You will then be given a 48-hour deadline to pay $100 in bitcoin as ransom. The app threatens users that it will delete their personal data from the device including contacts, photos, videos, and leak them to social media as well.
The app does not seem to be very advanced in nature and has been seemingly designed to target unsuspecting and uninformed Android users. A Reddit user managed to decompile the app and extract the password as well: 4865083501. You can pass this password to anyone you know whose device has been held for ransom by this app.
The good thing is that the app is not available for download on the Google Play Store. Google has cracked down on unofficial third-party coronavirus apps from the store and has even banned search terms like "coronavirus" and "COVID-19" from the store. This serves as a good example of why one should only download apps on their Android device from the Google Play Store and avoid any third-party sources irrespective of how reputable they are.
Via: SCM Magazine