‘About Coronavirus’ app locks Android screens with repackaged malware
An existing version of the Android device screen-locking malware SLocker has apparently been copied and repackaged in the form of a mobile coronavirus app, in hopes of drawing in victims and encouraging downloads from third-party marketplace sites.
Researchers at Bitdefender found the malicious app, which has been targeting users in Ukraine, Russia, Kazakhstan, Turkmenistan and and parts of India and North Africa.
The Uzbek-language app, called “Koronavirus haqida” or “About Coronavirus,” confounds its victims by locking the screen, prohibiting access and demanding a ransom payment to restore proper functionality. A ransom note says victims only have 20 minutes to pay before the phone is rendered unusable, but the threat is empty. However, the malware does require some effort to eradicate — it survives a reboot and must be removed via the Android Debug Bridge or Safe Mode.
The ransom note instructs the victim to call a phone number to make a payment and then receive the code to unlock the phone. Strangely, the code, which is hard-coded into SLocker, is the same as the phone number itself, just without the “+” sign.
Back in March, researchers at DomainTools reported a similar scam that infected users with a screen locker by disguising it as an app that supposedly offered statistics on the COVID-19 pandemic and a heat map of outbreak hotspots. According to DomainTools, the malware in that case, dubbed CovidLock, was a newly discovered program, while in this instance, the malware seems to merely be a redressed version of SLocker.
“Users with a voracious appetite consume everything that’s coronavirus-related, and in this case, the app would lock the screen of the phone, prompting people to pay for a code to return the control of their device,” explains a Bitdefender company blog post by analyst Silviu Stahie and researcher Adina Mateescu. “While it’s not as damaging as ransomware, the average user will have a hard time distinguishing between threats, as the result is the same, and that’s getting locked out of your device.”
The post ‘About Coronavirus’ app locks Android screens with repackaged malware appeared first on SC Media.