In recent months, hackers have been taking advantage of the COVID-19 situation to set up various scams. Attacks are now using a new ransomware that poses as an Android contact-tracing application for COVID-19.
ESET researchers said the new ransomware appeared only a few days after Health Canada announced the release of the COVID Alert application, which will be tested first in Ontario before being released in all areas.
The official mobile app is at least a month away from release. However, cybercriminals are trying to promote an Android package that supposedly comes from the government. The application the hackers are circulating appears to be the official COVID-19 contact-tracing app, but it is malicious.
According to the researchers, two websites offered the fake app, which appears to come from Health Canada. The domains (no longer running), tracershield[.]ca and covid19tracer[.]ca, hosted APKs that, when downloaded, installed the CryCryptor ransomware on Android devices.
If an Android user downloads the APK from the fake domains and installs the application, the ransomware requests access to files and starts encrypting content on the device.
Finally, the .ENC extension is added to the affected files. A ransom note is also placed where the encrypted files are stored.
ESET managed to create a decryption tool for the current version of the Android ransomware, which is available on GitHub.
The ransomware was spotted on GitHub, where its source code was released on June 11. According to ESET, its developer, who named the open-source malware CryDroid, said it was a research project.
"We reject the claim that the project was made for research purposes - no responsible researcher will publicly release a tool which is easy to use for malicious purposes," says ESET.
GitHub has been informed of the code's true nature.