“CovidLock”: Bitcoin Ransomware Exploiting Coronavirus Fears

The coronavirus epidemic is a perfect opportunity for hackers to fleece unsuspecting victims of their Bitcoin with websites and applications purporting to provide information or services related to the disease. Cybersecurity threat researchers at DomainTools have identified that the coronavirus-themed website coronavirusapp.site facilitates the installation of a new Bitcoin ransomware called “CovidLock.”

The website asks its visitors to install an Android app which purportedly monitors news about the spread of COVID-19, claiming to notify users when an infected person appears nearby using heatmap visuals.

CovidLock ransomware locks screens of unwitting victims

Despite sporting certification from the World Health Organization and the Centers for Disease Control and Prevention, the website is a cover for the “CovidLock” ransomware which launches a screen lock attack on unsuspecting users.

When installed, CovidLock changes the lock screen on the device and demands a payment of $100 in Bitcoin for a password that will unlock the screen and return control of the device to the owner.

If the ransom is not paid within 48 hours, CovidLock threatens to eliminate everything stored on the device, including contacts, pictures, and videos.

To force users into compliance, the program displays a message stating: “YOUR GPS IS WATCHED AND YOUR LOCATION IS KNOWN. IF YOU TRY ANYTHING STUPID YOUR PHONE WILL BE AUTOMATICALLY ERASED.”

DomainTools asserts that they have reverse engineered the decryption keys for CovidLock, adding that they will publicly post the key.

Websites related to coronavirus are 50% more likely to be malicious

Cyber threat analyst Check Point notes that coronavirus-related websites are 50% more likely to be a front for malicious actors than other websites.

The company states that since January 2020 over 4,000 domain names related to the coronavirus have been registered globally, 3% of which are believed to be “malicious” and 5% of which are considered “suspicious.”

Coronavirus scams lead U.K. public to $1 million losses

On March 11, the U.K. Financial Conduct Authority warned about a growing number of scams related to coronavirus, including scams offering crypto investments.

The U.K. National Fraud Intelligence Bureau (NFIB) stated that many malicious websites are claiming to provide maps and visualizations monitoring the spread of coronavirus, much like CovidLock. An NFIB representative explained:

“They claim to be able to provide the recipient with a list of coronavirus infected people in their area. In order to access this information, the victim needs to click on a link, which leads to a malicious website, or is asked to make a payment in bitcoin.”

The NFIB's calculations show that coronavirus-related scams have already duped the British public out of approximately $1 million.