The Federal Government has alerted Nigerians to the existence of an Android-based malicious and fraudulent coronavirus ransomware application, which claims to provide updates on the virus and infections near the user.
In a statement yesterday in Abuja, the Minister of Information and Culture, Lai Mohammed, said the ransomware blocks access to users’ personal data and accounts and threatens to delete, except users pay $100 in Bitcoin within 48 hours.
The statement signed by Segun Adeyemi, Special Assistant to the President, Office of the Minister of Information and Culture, said: “The ransomware app, detected on the website http://www.coronavirusapp.site/, prompts users to download an Android App purportedly for coronavirus map tracking and heat map visuals.”
A website browser adopted to verify the website also issued a ‘dangerous’ warning, advising that the website contains malware.
However, Mohammed noted that the development was a confirmation of warnings against cybercriminals, seeking to exploit the growing spread of the virus for nefarious gains. He, therefore, called on the general public not to download the ransomware App and to seek updates on the pandemic only from the appropriate authorities.
The coronavirus pandemic has created some confusing times. Trying to get a better handle on the situation, some people have looked to mobile apps to track the spread of the disease. These users were shocked to find they had accidentally installed a malware app instead.
An Android app called “COVID19 Tracker” marketed itself as a virus map to people worried about the outbreak. Users searching for an app to show the spread of the virus found a link to COVID19 Tracker, which claimed to do just that. Instead of getting it from the Google Play Store, they would have to download it directly from the website. Once users downloaded and opened the app, they found an unpleasant surprise.
COVID19 Tracker, like any other app, asked for device permissions, but once it gained this permission, it launched a program called “CovidLock.” CovidLock threatened to delete all data from the phone unless users paid $100 in Bitcoin within 48 hours.
CovidLock is a type of malware called ransomware, which holds users’ data hostage until they pay a ransom. Ransomware typically targets businesses since they have more money or power to offer. But CovidLock went after individual users, probably in hopes that they would be less suspecting than a company.
After it opened, CovidLock would lock users’ phones, so they couldn’t use it until they entered a decryption key. The app would give users the key if they paid the Bitcoin ransom through a link on the screen.
Fake apps and other forms of malware may be on the rise, but users can take steps to avoid them. To get information on the spread of COVID-19, people should turn to established trusted sources only. Medical institutions and government agencies will have accurate data on the matter.
Mobile apps should only come from official app stores. If it isn’t listed on the Google Play Store or Apple’s App Store, there’s a high chance that it could be a scam. Users should also take the time to study any app for suspicious signs before downloading.