Report: Android ransomware is posing as a coronavirus tracking app

As we see more and more people desperate for information on the spread of the coronavirus, there will undoubtedly be people looking to profiteer from an information vacuum. According to a new report, one Android app masquerading as a coronavirus update application is in fact ransomware.

Security firm DomainTools has unearthed an app called “CovidLock” that claims to be a coronavirus tracking app but is actually ransomware that will lock your device (via Android Authority, SC Magazine).

We’ve seen that Google and Verily are in the process of developing online tools to help you get screening and testing information in the US. However, while that is not widely available, many will head to the Google Play Store or online in an attempt to get some sort of answers.

DomainTools found that CovidLock — which can be downloaded at coronavirusapp[.]site — poses as a coronavirus tracking app and, when installed, prompts you to grant accessibility and lock screen permissions.

This lets CovidLock essentially lock your device. The criminals behind the app then hold you to ransom for $100 in Bitcoin, threatening to delete any personal data and social media accounts on your device unless the payment is made within 48 hours.

Since Android Nougat rolled out, there has been protection in place against this type of attack. However, it only works if you have set a password. If you haven’t set a password on your phone to unlock the screen, you’re still vulnerable to the CovidLock ransomware.

DomainTools notes that builds newer than Android Nougat are able to protect your device from these types of screen-lock attacks. They do mention, however, that without a lock screen passcode those protections do not apply, and if the app is installed you will have problems.

Luckily, the team at DomainTools has reverse-engineered the decryption keys that the CovidLock app asks for before giving you back control of your device. AA also notes that a Redditor has posted the passcode, in case anyone you know has been affected and is being held to ransom.

The DomainTools security research team has reverse engineered the decryption keys and will be sure to post the key publicly. The team also has the BTC wallet and is monitoring its transactions. Further technical details will be released soon.

It’s also an important time to note that many apps and sites may attempt to take advantage of people seeking information about the coronavirus. Our advice is to only stick to sites and services from official news and government agencies to ensure that these insidious kinds of malware are avoided and nullified.


Damien Wilde

Damien is a UK-based video producer for 9to5Google. Find him on Twitter @iamdamienwilde.