
Topic: Another Corona Virus Tracking app malware finds its way into Google Play (Read 277 times)

full member
Activity: 1176
Merit: 162
And where did you find this malicious app, on the Google Play Store? I guess the Play Store is not safe anymore; they are even spreading scam/fraud/malware. Just in previous months I heard a fake wallet app was created, and now this one is even abusing the COVID-19 crisis. So we need to be careful: don't just install any apps, even on the Google Play Store, because they don't have any verification unless someone reports it, then they will take it down.
hero member
Activity: 3024
Merit: 680
These bad guys are brutal, they don't really choose a day to attack.

We here are aware of not downloading any kind of material or app online unless you are very familiar with it and there's a purpose why you are going to download it.
legendary
Activity: 2674
Merit: 1823
People who have too much curiosity will endanger themselves. There is no need to install an app or visit a particular website; social media, print media and digital media all have a lot of valid, updated information spread by the government about the development of the coronavirus (COVID-19) epidemic.
Malware created by hackers that exploits the panic of all people in the world today is very evil, and the creator does not think he will also be infected. This is not only a problem of China but a problem and disaster of the human race on this earth.
Hackers who create malicious malware like this will only add to the sadness of people trying to find valid information. The government must take part and catch the malware creator if it does harm many people.
legendary
Activity: 2184
Merit: 1302
In addition, I don't see the reasons to track those coronavirus around me. If there are cases in my location, local government will do serious orders to contain the virus. And basically, what you have to do is do what the health experts advised: stay away from crowds, keep your body as clean as possible (especially your hands), and try to stay inside your house as much as possible. That's all you need to do to protect yourself from the virus.
My thoughts exactly on a deeper look at this, with all the effective quarantine methods and the way the world is tackling this virus head-on. E.g. in my state our internet network service providers send bulk (broadcast) messages to our mobile phones on the very essential and basic preventive measures; they also update us on areas that have been rampaged/ravaged and tell us to stay away from those areas and at best stay at home. This is somewhat of a worldwide crisis, prominent individuals have tested positive, and information on what to do isn't concealed; it's so overt that it'll eventually come to your doorstep, so there is no need to download any app at all.
legendary
Activity: 2310
Merit: 4085
To be honest with you all, I don't understand why people who own cryptocurrency, or Bitcoin in particular, have an interest in downloading and installing those apps on their devices. It carries a high risk of money being stolen by malware inside those apps.

In addition, I don't see the reasons to track those coronavirus around me. If there are cases in my location, local government will do serious orders to contain the virus. And basically, what you have to do is do what the health experts advised: stay away from crowds, keep your body as clean as possible (especially your hands), and try to stay inside your house as much as possible. That's all you need to do to protect yourself from the virus.

For people who have big curiosity about how those apps work, please install them on a device that you don't use for your emails, accounts, wallets. Experience any apps you want and dump the device into the trash can when it is broken.
legendary
Activity: 3024
Merit: 2148
My advice to people is to always look for a browser-based app first instead of installing stuff on their computers or mobile devices. In this case, there are websites that provide live data about the coronavirus, so there's no need to install anything. The browser is much safer than apps; the attacks are very rare and hard to execute, and browser vendors make very quick patches. Just don't use browser-based apps for anything sensitive like crypto wallets or password managers.
hero member
Activity: 2632
Merit: 833
I am surprised how it is yet to work/succeed.
I think it's down to the part where they ask the victim to send $100 in Bitcoin. It would spook anyone and the response would very rarely be to send the funds, rather they will seek real life assistance from people around them who are savvy in computers to fix the issue.

This sort of blackmail is ineffective in my opinion.
People should be careful of the sites they visit, especially when it is an unsolicited link which was sent to them through email, telegram or any other source.

In a perfect world, this blackmail should be ineffective. However,

US hospital pays $55,000 to hackers after ransomware attack

Los Angeles hospital paid $17,000 in bitcoin to ransomware hackers

Hospital CEO forced to pay hackers in bitcoin now teaches others how to prepare for the worst

So we can't really say, maybe someone can still fall for this trick in the future.
legendary
Activity: 2114
Merit: 2248
I am surprised how it is yet to work/succeed.
I think it's down to the part where they ask the victim to send $100 in Bitcoin. It would spook anyone and the response would very rarely be to send the funds, rather they will seek real life assistance from people around them who are savvy in computers to fix the issue.

This sort of blackmail is ineffective in my opinion.
People should be careful of the sites they visit, especially when it is an unsolicited link which was sent to them through email, telegram or any other source.
legendary
Activity: 2184
Merit: 1302
- btc address is still empty, thanks to our researchers, but we really don't know maybe someone in the
  next coming weeks will fall for this trick
This is the surprising part. Could it mean people now double-check before they send out their money to these scammers? This trick is a bit different from the more popular giveaway scams; these scammers are trying to work on the psyche of people with the most trending issue in the world now, the coronavirus pandemic, and I am surprised how it is yet to work/succeed. Another reason is "warning" threads like this; it will save many more people from sending BTC to that address.
hero member
Activity: 1064
Merit: 639
This is a hacker's wallet where he asks for payments from people
Code:
BTC wallet: 18SykfkAPEhoxtBVGgvSLHvC6Lz8bxm3rU

Email Address:
Code:

According to www.domaintools.com, this malware is using the "Drive-by Compromise T1 Technique", which means if you visit a website that contains Drive-by Compromise T1, then you will not even be aware and the malware will be downloaded and installed silently.

Source: link for wallet
Main source:
www.domaintools.com

@op, thank you very much for informing
hero member
Activity: 2632
Merit: 833
The following are the attack vectors:

- they created a site called,
Code:
coronavirusapp.site

- they have a banner encouraging people to download the malicious code for real time updates

- after a few days, they change their websites to using DoMobile - provider of legit Android Applications



Actual Image

So once you have installed the Covidlock malware, it will infect your mobile through the following:

- it checks whether the user is running as administrator; if not, it will request permissions
- it will do a DNS lookup and HTTP communication to a ‘bit.ly’ shortened URL
- a dynamically generated ransomware note is sent to the user's lock screen
- combined with the data from the Pastebin URL, it will generate the image below
- it asks you to pay a ransom of $100 in BTC
- the BTC address is still empty, thanks to our researchers, but we really don't know; maybe someone in the
  coming weeks will fall for this trick.




I also found some homograph attacks, so the original site may have been taken down already, but those criminals are ready with many websites waiting to be deployed again.


For a more detailed technical analysis, https://www.domaintools.com/resources/blog/covidlock-update-coronavirus-ransomware#

Related: New Corona Virus Crypto Ransomware
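
The homograph (IDN look-alike) registrations described in the post above evade an exact-match blocklist entry for `coronavirusapp.site`. The following added example, which is not part of the original thread, decodes `xn--` labels and folds accented or confusable letters back to ASCII before matching. The function names and the small `CONFUSABLES` map are assumptions made for illustration, and the sample names are constructed in the code.

```python
import unicodedata

BLOCKED = {"coronavirusapp.site"}  # the site named in the thread

# Assumption: hand-picked look-alikes that NFKD does not decompose; real
# tooling would load the full Unicode confusables table instead.
CONFUSABLES = {"\u0251": "a", "\u0131": "i", "\u0188": "c",
               "\u01a5": "p", "\u0280": "r"}  # ɑ ı ƈ ƥ ʀ

def to_unicode(domain):
    """Decode xn-- (punycode) labels so the real characters can be inspected."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed A-label: keep it as written
        labels.append(label)
    return ".".join(labels)

def to_ascii(domain):
    """Encode non-ASCII labels to the xn-- form seen in DNS and proxy logs."""
    return ".".join(
        label if label.isascii()
        else "xn--" + label.encode("punycode").decode("ascii")
        for label in domain.lower().split("."))

def skeleton(domain):
    """Fold a name to plain ASCII: drop accents, map known confusables."""
    decomposed = unicodedata.normalize("NFKD", to_unicode(domain))
    return "".join(CONFUSABLES.get(ch, ch) for ch in decomposed
                   if not unicodedata.combining(ch))

def classify(domain, blocked=BLOCKED):
    """Return 'listed', 'lookalike' or 'no-match' for a logged domain name."""
    name = to_unicode(domain)
    if name in blocked:
        return "listed"
    if skeleton(name) in blocked:
        return "lookalike"
    return "no-match"

if __name__ == "__main__":
    # Constructed samples: two look-alikes built here, one unrelated IDN.
    samples = ["coronavirusapp.site", to_ascii("\u0107oronavirusapp.site"),
               "coronavirus\u0251pp.site", to_ascii("m\u00fcnchen.example")]
    for s in samples:
        print(f"{s:32} {to_unicode(s):24} {classify(s)}")
```

Names classified as `lookalike` are candidates for the same block or alert rule as the listed domain; an unrelated internationalized name stays `no-match`, so legitimate IDNs are not flagged merely for being non-ASCII.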
