When internationally relevant news breaks, cyber criminals usually try to exploit it to trick people worried about the topic, and the recent worldwide coronavirus emergency is no exception. DomainTools, a reverse engineering software brand, has published a detailed summary of how the number of fake and malicious web domains with names related to the words “coronavirus” and “COVID-19” has increased.

https://www.youtube.com/watch?time_continue=1&v=_QdPW8JrYzQ&feature=emb_logo

The virus outbreak has generated millions of daily Internet searches, which is why threat actors try to redirect some of those searches to fake sites. Through constant monitoring of these domains, the reverse engineering brand discovered one in particular, identified as <<coronavirusapp(.)com>>; this website claims to offer a real-time tracker of infections and outbreaks, available by downloading its app.

Source: DomainTools
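A triage check for the kind of domain monitoring described above, added here as an illustration (not DomainTools' code or method): it refangs indicators written like <<coronavirusapp(.)com>>, normalizes simple disguises, and flags hostnames containing the article's two keywords. The digit map, the allowlist entry and every sample domain other than coronavirusapp(.)com are constructed assumptions.

```python
import re
import unicodedata

# Keywords come from the article; the digit map, allowlist and sample
# domains are constructed for this example.
KEYWORDS = ("coronavirus", "covid")
DIGIT_LOOKALIKES = str.maketrans("0134", "oiea")
ALLOWLIST = ("who.int",)  # assumed list of official sources to skip

def refang(value: str) -> str:
    """Turn defanged notation such as '<<name(.)com>>' back into a hostname."""
    host = value.strip().strip("<>").lower()
    host = re.sub(r"^(hxxps?|https?)://", "", host).split("/")[0]
    return re.sub(r"\s*[\[({]\s*(?:\.|dot)\s*[\])}]\s*", ".", host)

def skeleton(host: str) -> str:
    """Reduce a hostname to a comparison form that defeats simple disguises."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):          # IDN label: decode punycode
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass                           # keep the raw label
        labels.append(label)
    text = unicodedata.normalize("NFKD", ".".join(labels))
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = text.translate(DIGIT_LOOKALIKES)    # 'c0vid' -> 'covid'
    return re.sub(r"[-_.]", "", text)          # 'corona-virus' -> 'coronavirus'

def themed_keyword(value: str):
    """Return the matched keyword, or None for unrelated/allowlisted hosts."""
    host = refang(value)
    if any(host == a or host.endswith("." + a) for a in ALLOWLIST):
        return None
    form = skeleton(host)
    return next((k for k in KEYWORDS if k in form), None)

SAMPLES = [  # constructed feed of newly observed domains
    "<<coronavirusapp(.)com>>", "c0vid-19-tracker[.]example",
    "corona-v1rus-map.example", "cov\u00edd-live.example",  # accented i
    "covid19.who.int", "weather-maps.example",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:32} -> {themed_keyword(s)}")
```

A match is a triage signal for review, not a verdict; cross-script homoglyphs (for example Cyrillic letters) are not folded by this normalization.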

Unlucky visitors to this site are prompted to download an app for Android devices that supposedly gives them access to a world map with COVID-19 indicators updated in real time, including charts and heat maps over the geographic areas with the greatest coronavirus presence.

What the victims of this fraud actually download is a ransomware variant for mobile devices. The investigators have named this malware “CovidLock” because of its features and the fact that it takes advantage of the worldwide COVID-19 outbreak.

According to the reverse engineering brand, after being installed on the victim's device, CovidLock forces a change of the password used to unlock the device; similar, previously reported infection methods have been identified as screen-lock attacks, affecting mainly Android users.

After the password is reset, the victim is shown the ransom note, in which the hackers demand a payment of 100 dollars in Bitcoin and set a deadline of 48 hours to make the payment. Otherwise, the attackers threaten to delete all the information on the infected device and to publish the victim's private information.

The investigators have notified Android and have begun monitoring the activity of the cryptocurrency address used by the hackers, so more details could be released soon.

The International Institute of Cyber Security (IICS) recommends not installing apps from unknown sources, since this is the main attack vector against mobile devices. In addition, for users worried about the coronavirus outbreak, it is always better to wait for official updates from the health authorities.
