It’s easy to get duped right now, while we’re all in panic mode. All it takes is for one person with a bit of free time on their hands to make a “Coronavirus dashboard” that asks unsuspecting users to install an application on their machine, and boom—you’re suckered into installing malware on your system when you thought you were actually downloading a program to help you better understand what’s going on out there.
Now, we’re seeing Coronavirus “tracking” apps pop up for Android—and likely iOS too, but the effects are probably more phishing than infiltration. In one example, the apps lure users in by promising to provide them with a Coronavirus “map” that allegedly shows the number of confirmed cases around a person’s area, in addition to various counters to show how far COVID-19 has gone. Heck, you even get a heat map—how 1990s-scary-pandemic-movie of them.
As DomainTools describes:
In reality, the app is poisoned with ransomware. This Android ransomware application, previously unseen in the wild, has been titled “CovidLock” because of the malware’s capabilities and its background story. CovidLock uses techniques to deny the victim access to their phone by forcing a change in the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before on Android ransomware.
The ransomware requests $US100 ($163) in bitcoin in 48 hours on the ransom note. It threatens to erase your contacts, pictures and videos, as well as your phone’s memory. It even claims that it will leak your social media accounts publicly.
If you’ve been hit by this app, DomainTools has reverse-engineered the decryption key you’ll need to use to unlock your Android again. I recommend deleting this app ASAP, and possibly installing an antivirus/antimalware app to make sure there now isn’t anything else on your device.
If you need information, try the trusty Johns Hopkins University dashboard. Try not to worry about whether your neighbour has the coronavirus, or whether there’s an app out there that can track all sickly people around you. (There isn’t.) Don’t download apps from anywhere but the Google Play Store and, even then, really think about whether you need an app for whatever it is you’re considering grabbing.
If anything, the fact that we’re all basically quarantined in our homes right now is a great excuse to take a digital break. Don’t check the stock market. Don’t check the hourly news crawl. Be free of your smartphone (since you can’t really make plans with anyone) and avoid the need to check in on your apps. Enjoy the zen-like state that this semi-forced loss of all our social escapes has dropped onto us. And stop sideloading apps onto your Android device unless you absolutely need to.