As Covid-19 spreads across the globe, cybercriminals have increased their efforts to manipulate the public with a malicious ‘CovidLock’ app which aims to cash in on the coronavirus pandemic.
The Android tracker app claims to allow users to monitor the spread of the virus and provides tracking and statistical information about Covid-19 with heatmap visuals.
The app description states « for android users: to get real-time number of coronavirus cases based on your GPS location please download the mobile app version.”
During a time of concerning uncertainty, the free app is particularly appealing as many seek the latest information about Covid-19, which could result in potentially millions of downloads.
The app asks for various permissions which it claims are needed to be able to deliver notifications and « active state monitoring ». Once the unsuspecting victim has granted access to the device, ransomware is executed and collects as much personal information as it can upon launch. The sensitive information that is collected includes call records, SMS activity, and browser history.
Once collected, the ransomware will then lock the device from use and display a ransom notice on the lockscreen to demand a $100 (approx £80) Bitcoin payment to decrypt data. The penalty for non-compliance is a total erase of the device’s data within 48 hours.
This a common trait of ransomware which often requests payment in Bitcoin or in other cryptocurrencies that are difficult to trace. Cybercriminals will also typically assign a deadline for the ransom to be paid, and if the deadline passes, the ransom payment will be increased or the files permanently locked.
In addition to the ransom demand, the warning also seeks to provoke further fear by claiming the phone is being tracked and any “stupid” action on the part of the user will lead to an immediate device erase.
Android operating systems running Nougat or higher (Android 7.0+) will be protected against such attacks as long as the user has set a password to unlock the phone. Without a password, users are still vulnerable to attacks like CovidLock ransomware and should ensure that their devices are kept up to date.
In recent weeks, Apple, Google and Amazon have experienced a surge in Covid-19 and coronavirus related apps which target a frightened and confused global community. In an effort to crack down on the apps and ensure that the data sources are credible, Apple announced it would accept coronavirus related apps only from « recognised entities such as government organisations, health-focused NGOs, companies deeply credentialed in health issues, and medical or educational institutions. »
How to Stay Safe from Malicious Mobile Apps
With 24,000 malicious malware apps blocked from devices each day and more employees using their own devices for work purposes such as accessing corporate email and viewing documents, it’s vital that staff are aware of the potential consequences malicious apps can have and how to avoid them.
- Do not download apps from untrusted and unfamiliar sites.
- Seek information from trusted, official websites.
- Regularly update your device’s software.
- Pay close attention to the permissions requested by an app and think twice before you grant access to sensitive information such as your address book or access to your photo library.
- Install a trusted antivirus solution. If you do happen to download a malicious app or open a malicious attachment, mobile anti-malware protection can prevent the infection.
- The National Crime Agency strongly advises organisations not to make a ransom payment as it emboldens cybercriminals to launch further attacks and the vicious cycle continues. If you choose to make a ransom payment, there is no guarantee you will ever get your files back, and if anything, it increases your chances of being targeted again in the future.
- In the event that ransomware strikes, make sure you have made frequent backups of important data.
MetaPhish has been designed to provide the first line of defence against phishing and ransomware attacks. Contact us for further information on how we can help protect your business from this growing threat.