Attackers use panic because of the coronavirus pandemic (COVID-19) to spread cryptocurrency ransomware applications.
Previously, under the pretense of a COVID-19 tracker, cybercriminals distributed desktop versions of the software. Now, similar programs are downloaded by many users of Android devices around the world.
DomainTools cybersecurity researchers have found an expansion in the number of domain names that mention coronavirus. One of these sites, coronavirusapp, offers users to install an Android application, which then locks the screen and requires payment of the equivalent of $ 100 in bitcoin.
A site distributing the fraudulent CovidLock application claims that the software is certified by the World Health Organization (WHO) and the US Centers for Disease Control and Prevention (CDC). Also, hackers claim that the application allegedly has already downloaded 6 million people.
Besides, the description says that the program can instantly notify about infections in the vicinity: “Get instant notifications about coronavirus patients near you. View COVID-19 flash information based on WHO and CDC data in a convenient way.”
After installation, the application requests various permissions, including the screen lock.
DomainTools experts concluded that hackers distributing CovidLock had previously created other software also aimed at extorting cryptocurrencies.