When news of international relevance emerges, cybercriminals often try to take advantage of them to deceive people concerned about a particular issue, and the recent global emergency for coronavirus is no exception. DomainTools, a renowned malware reverse engineering firm, has published a report detailing how it has increased the registration of malicious and fraudulent web domains with word-related names such as “coronavirus” and “COVID-19”.
The virus outbreak has generated millions of daily Internet searches, so threat actors try to redirect some of those searches to fraudulent pages. Through constant monitoring of these domains, the malware reverse engineering firm discovered one in particular; identified as <<coronavirusapp(.)com>>, this website claims to publish a real-time outbreak and infection tracker available by downloading an application.
The unfortunate visitors to this site are encouraged to download an application for Android devices with which they will be able to access a world map with indicators on the COVID-19 updated in real time, including charts and heat maps on the locations with the highest presence of coronavirus.
What the victims of this scam actually download is a variant of ransomware for mobile devices. Researchers have dubbed this malware “CovidLock”, due to its characteristics and for taking advantage of the global COVID-19 outbreak.
According to the software reverse engineering firm, after being installed on the victim’s device, CovidLock manages to force a reset of the password used to unlock the device; similar infection methods reported before have been identified as screen lock attacks, mainly affecting Android users.
After the password reset, the victim is shown the ransom note, in which the hackers demand a $100 USD payment in Bitcoin, in addition to setting a 48-hour deadline to complete the transfer. Otherwise, attackers threaten to delete all information from the infected device, in addition to publishing private information of the victims.
Researchers have notified Android and even began monitoring the activity of the cryptocurrency address employed by hackers, so more details could be revealed shortly.
The International Institute of Cyber Security (IICS) recommends users do not installing applications from unknown sources, as this is the main attack vector against mobile devices. In addition, for users concerned about the coronavirus outbreak, it is always best to expect official updates from health authorities.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
