Researchers warn of a rogue app that pretends to be a corona tracker, but in reality, locks Android devices and demands a ransom for unlocking them. The Coronavirus Tracker app is offered outside the Google Play Store via a rogue website – coronavirusapp.site – and claims to be able to monitor the coronavirus outbreak in real-time at street, city and state level.
Once installed, the app asks for administrator rights, so that it can be loaded during a restart and has rights to lock the screen. Something users will also see in the request. Then the malicious app displays a warning that all data on the device is locked and $250 must be paid to regain access.
According to researcher Lukas Stefanko from antivirus company ESET and researcher Tarik Saleh, it is not encrypted data, but the malware locks the device. However, the malware uses a hardcoded key for the lock, so that the unlock code is the same for each device. This code to unlock the device is “4865083501“, notes Stefanko.
