CYBER NEWS

Android Ransomware Distributed as COVID-19 Tracer Software in Canada

Android users in Canada should stay on alert for Android ransomware that poses as mobile COVID-19 tracer software made for Canadian citizens. The collected samples are categorized as belonging to the CryCryptor ransomware family, which is a dangerous group of malware.




CryCryptor Android Ransomware Poses as Legit Canada COVID-19 Tracer Software

Malware developers worldwide have used the recent COVID-19 crisis to distribute viruses across all platforms. Android is no exception, and the tracing software recently developed by government institutions and private organizations is now being imitated. An unknown hacking group has made a counterfeit Android COVID-19 tracing app which is actively being sent to target users. This ransomware is part of the CryCryptor ransomware engine, a group of related threats. The collected sample is designed to impersonate the application developed by Health Canada.

It is distributed using different infection methods, including counterfeit messages, download sites and other types of web sources. Some of the captured versions were analyzed, and the results show that the hacker group used an open-source ransomware project hosted on GitHub as the base for the ransomware.


Once the infection has infiltrated an Android device, its built-in sequence is run. The file processing partially locks down the device and processes sensitive user data with a strong cipher. The data that will be encrypted is stored in memory. In every location containing affected files, a readme file is created which includes the ransom note instructions. The victims are manipulated into emailing the hackers at their Proton Mail inbox. When they receive an answer, they are manipulated into paying a decryption fee, which is to be wired in cryptocurrency. A unique ID is assigned to every compromised device.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
