Full report by Bitdefender:An existing version of the Android device screen-locking malware SLocker has apparently been copied and repackaged in the form of a mobile coronavirus app, in hopes of drawing in victims and encouraging downloads from third-party marketplace sites.
Researchers at Bitdefender found the malicious app, which has been targeting users in Ukraine, Russia, Kazakhstan, Turkmenistan and and parts of India and North Africa.
The Uzbek-language app, called “Koronavirus haqida” or “About Coronavirus,” confounds its victims by locking the screen, prohibiting access and demanding a ransom payment to restore proper functionality. A ransom note says victims only have 20 minutes to pay before the phone is rendered unusable, but the threat is empty. However, the malware does require some effort to eradicate — it survives a reboot and must be removed via the Android Debug Bridge or Safe Mode.
The ransom note instructs the victim to call a phone number to make a payment and then receive the code to unlock the phone. Strangely, the code, which is hard-coded into SLocker, is the same as the phone number itself, just without the “+” sign.
“Users with a voracious appetite consume everything that’s coronavirus-related, and in this case, the app would lock the screen of the phone, prompting people to pay for a code to return the control of their device,” explains a Bitdefender company blog post by analyst Silviu Stahie and researcher Adina Mateescu. “While it’s not as damaging as ransomware, the average user will have a hard time distinguishing between threats, as the result is the same, and that’s getting locked out of your device.”
The coronavirus pandemic is an opportunity for criminals who try to take advantage of people’s thirst for information. Unfortunately, Android users can fall prey to malware attacks using the COVID-19 cover, especially if they sideload apps by circumventing the... #android #covid19 #ransomware