- Hackers are taking advantage of the coronavirus pandemic by releasing dangerous malware disguised as COVID-19 tracking apps.
- Don’t download any unfamiliar Android apps outside of the Google Play store, especially if they’re related to the coronavirus outbreak.
- Microsoft has released an actual COVID-19 tracker that is being updated all the time, so it’s a great tool to use instead of tracking apps from unknown developers.
- Visit BGR’s homepage for more stories.
As cities, states, and entire countries shut down in the wake of the coronavirus pandemic, people all over the world are desperately trying to stay informed and keep themselves and their families safe. Unsurprisingly, apps are popping up left and right to disseminate information and provide helpful tips, but perhaps even less surprisingly, at least one of those apps is loaded with ransomware as hackers attempt to take advantage of the situation.
Late last week, DomainTools reported that a domain was claiming to offer a real-time coronavirus outbreak tracker that Android users could download to their devices outside of the Google Play store. Of course, the truth of the matter was that the app was a scam, and is capable of denying users access to their phones by forcing a password change. This is a fairly common “screen-lock attack,” and the app has been appropriately dubbed CovidLock.
If you actually go through with installing the app on your phone, you will be greeted with a screen letting you know that your phone has been encrypted and that you need to pay $100 in bitcoin within 48 hours or your data will be erased. The ransomware even threatens to leak all of your social media accounts.
There have been protections for these kinds of attacks going all the way back to Android 7.0 Nougat, but you need to have set a password to unlock the screen. If you haven’t, you will be vulnerable to this attack.
We’ve suggested this repeatedly over the past several years, but you should never download an app from outside of the official Play Store unless you implicitly trust the source. Even then, know that you’re taking a risk by doing so. The good news is that DomainTools reverse-engineered the decryption key and released it publicly, so if you are reading this after falling victim to the app, here’s the key you need to unlock it: 4865083501.
If you want to track the virus without infecting any of your devices in the process, you should try Microsoft’s interactive Bing COVID-19 Tracker instead. The site has a live tally of every confirmed infection, breaking them down by active cases, fatalities, and recoveries, and features an interactive world map with clickable red circles representing cases in individual countries and US states. Clicking on those circles will bring up a breakdown of recoveries and fatalities, as well as news stories and videos concerning that region (though they aren’t all up-to-date).
According to The Verge, the site is pulling in data from World Health Organization (WHO), the US Centers for Disease Control and Prevention (CDC), the European Centre for Disease Prevention and Control (ECDC), and Wikipedia. It is unclear how often the numbers are being updated, but since I started writing this article, I’ve seen the number of total confirmed cases go up multiple times. Bing’s tool is clearly still catching up.