This ransomware poses as a Covid-19 tracing app

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up

PCHF IT Feeds

PCHF Tech News
PCHF Bot
Jan 10, 2015
32,427
20
pchelpforum.net
Security researchers at ESET have discovered a new ransomware called CryCryptor which has been posing has an official Canadian Covid-19 tracing app.

The ransomware emerged only a few days after the Canadian government announced its intention to back the development of a nation-wide, voluntary tracing app called COVID Alert that will be rolled out for testing in Ontario as soon as next month.

CryCryptor is distributed from two websites that claim it is a Covid-19 tracing app when in reality it is just a new ransomware family. Once a user installs the fake app on their smartphone, the ransomware encrypts all of the files on their device but instead of locking it, CryCryptor leaves a “readme” file with the attacker's email in every directory alongside the encrypted files. Once all the target files have been encrypted, a notification is displayed on the device which reads “Personal files encrypted, see readme_now.txt”.


Thankfully though, after analyzing the app, ESET researchers discovered an “Improper Export of Android Components” bug that allowed them to create a decryption tool.

CryCryptor


By using a simple search based on the fake Covid-19 tracing app's package name and a few strings, ESET researchers discovered that the CryCryptor ransomware is based on open source code available on GitHub.

The developers behind the open source ransomware gave it the name CryDroid before uploading it to the developer platform. They also attempted to disguise the project as research by claiming they uploaded the code to VirusTotal.

At this time, it is still unclear as to who uploaded CryDroid in the first place but the code appeared on VirusTotal the same day it was published on GitHub. In a blog post, ESET researchers explained that there is no way the project was designed for research purposes as “no responsible researcher would publicly release a tool that is easy to misuse for malicious purposes”.

For those who have accidentally fallen victim to CryCryptor, you can download ESET's Android decryption app though the security company warns that the app will only work for this version of the ransomware.


Continue reading...