Android Ransomware

Malicious Software Pretending To Provide COVID-19 Info

Android Ransomware



DomainTools discovered that domain names associated with COVID-19 and Coronavirus have spiked in the past few weeks, and many of those domains are considered malicious. One that caught their eye was a website that offers a real-time coronavirus outbreak tracker as an Android app.



The app says that it offers many features like a heat map and other statistical data about COVID-19, but this app is instead ransomware. When downloading the app, it will ask for administrative access promising that this will allow certain types of information. If the app is given administrative access, it is given the opportunity to lock up all contacts, pictures, videos, and social media accounts unless their ransom is paid in Bitcoin. If the ransom is not paid, the attacker threatens to release all private information publicly and erase the phone's memory.



DomainTools offers tips on how to better protect against ransomware and other malware that tries to capitalize on coronavirus. They first state to be sure to only use trusted information sources from the government and research websites, and not to click on anything health related in your emails. Next they ask Android users to ensure that they download apps from the Google Play store, as third-party stores have a much higher risk of downloading malware.



For more information, please check out:

https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware

https://www.us-cert.gov/Ransomware

Posted: May 18, 2020, 6:24 PM