This coronavirus Android malware will lock you out of your phone

Coronavirus Ransomware Site
Coronavirus Ransomware Site (Image credit: DomainTools)

What you need to know

  • Security company DomainTools has discovered a ransomware app disguised as a tracker for the coronavirus.
  • CovidLock claims to be a real-time tracker for the virus, but in reality, it changes the password on your phone and threatens to erase everything unless you pay $100 in Bitcoin.
  • The app is only available outside of the Play Store and should only affect phones running versions of Android before Nougat.

At the beginning of March, Google began blocking the search terms for "coronavirus" and "COVID-19" on the Play Store. This was an effort to prevent nefarious developers from spreading misinformation or taking advantage of user's fears and concerns. So far, it has worked, as long as you stick to the Play Store, your searches for apps about the coronavirus will return zero results.

The danger comes when you venture outside of the Play Store and begin installing apps from third-party sources. Recently, the security company DomainTools discovered a coronavirus tracking app called CovidLock that is actually a piece of ransomware.

While the app claims to be a real-time tracker for the COVID-19 virus, in reality, the app is malware that will lock you out of your phone and demand a ransom. It does this by changing the password on your phone and demanding $100 in Bitcoin within 48 hours. If you fail to pay, it threatens to erase everything on your phone and leak your social media accounts online. It even warns that your phone is being tracked, and "if you try anything stupid your phone will be automatically erased."

Source: DomainTools

Fortunately, most new phones will be immune against this attack, because Google added protections against it starting with Android Nougat. However, if you're running an older version of Android and you've been affected by this malware, there is some good news. Reddit user luca020400 has decompiled the app to find the password. According to him, the password is "4865083501" without the quotes.

Even though the password has been cracked, this is still a stark reminder that it is best to stick to the Play Store when installing apps. Venturing outside of Google's authorized app store can infect your phone with all kinds of nasty malware. Especially in times of crisis when our fear can be used against us.

Coronavirus: Best Online Resources and How Your Smartphone Can Help

Jason England