Malicious COVID-19 Android App is Ransomware

An Android app that purports to track confirmed cases of COVID-19 actually locks up the phone and demands $100 in bitcoin to unlock it. If victims do not pay within 48 hours, the malware says it will erase all the data on the phone. A password to unlock frozen devices has been obtained.

This app will also set a lock on your device if one is not already configured. The DomainTools researchers have reverse engineered the decryption key for the “CovidLock” app and are preparing to release it. Note that financially motivated threat actors are leveraging the COVID-19 crisis for profit. Users need to be careful installing offered mobile applications, particularly from unofficial app stores, expect some apps to make it into the legitimate app stores as well.

Read more in:

• www.cyberscoop.com: A coronavirus-tracking app locked users' phones and demanded $100
• www.scmagazine.com: Password found to rescue victims of malicious COVID-19 tracker app
• www.scmagazine.com: Coronavirus tracking app locks up Android phones for ransom