Android users should stay on alert for Android ransomware that poses as a mobile COVID-19 tracing app made for Canadian citizens. The collected samples have been attributed to the CryCryptor ransomware family, which is a dangerous group of malware.
CryCryptor Android Ransomware Poses as Legit Canada COVID-19 Tracer Software
The recent COVID-19 crisis has been used by malware developers worldwide to distribute viruses across all platforms. Android is no exception, and the tracing software recently developed by government institutions and private organizations is being imitated. An unknown hacking group has made a counterfeit Android COVID-19 tracing app which is actively being sent to the target users. This ransomware is part of the CryCryptor ransomware engine – a group of related threats. The collected sample impersonates a Canadian application: the hacking group has designed the virus to impersonate the application developed by Health Canada.
The counterfeit app is distributed using different infection methods, including counterfeit messages, download sites and other types of web sources. Some of the captured versions were analyzed, and the results show that the hacker group used an open-source ransomware project hosted on GitHub as the base for the ransomware.
Once the infection has infiltrated a given Android device, its built-in sequence is run. The file processing partially locks down the device and encrypts sensitive user data with a strong cipher. The data that will be encrypted will be stored in memory. In every location that contains affected files, a readme file is created which includes the ransom note instructions. The victims are manipulated into emailing the hackers at their Proton Mail inbox. When they receive an answer, they are manipulated into paying a decryption fee, which is to be wired through cryptocurrency assets. A unique ID is assigned to every individual device that has been compromised.