A new malicious Android app is in the wild, locking users out of their phones. The app is named CovidLock, and it is reportedly ransomware masquerading as a coronavirus tracker.
Like well-known ransomware such as WannaCry, CovidLock demands a sum of money to let users regain access to their smartphones. To achieve this, the attackers use a technique called a “screen-lock attack” that forces end users to change their passwords.
The ransomware demands $100 billion in bitcoin within 48 hours of lockdown to release the phone. “Note: Your GPS is watched and your location is known. If you try anything stupid your phone will be automatically erased,” reads the note on CovidLock.
According to Tarik Saleh, senior security engineer and malware researcher at DomainTools, on Android Nougat or later only devices that don’t have a password set are vulnerable to the attack.
If you’ve already installed CovidLock and your device has been locked, do not worry. All you have to do is enter the password 4865083501 to regain access, courtesy of a Reddit user who managed to decompile the app and extract the decryption key.
You may use the coronavirus map developed by the researchers at Johns Hopkins University’s Center for Systems Science and Engineering or Microsoft’s recently launched Bing Covid tracker to stay updated with coronavirus statistics.
If you’d like to stay safe from similar incidents, make sure you always install applications from trusted sources like the Google Play Store. To prevent such malicious activity, both Google and Apple are actively monitoring coronavirus-related apps being uploaded to their stores and are allowing apps only from trusted sources.