CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware

Tarik SalehSenior Security Engineer & Malware Researcher


Cybercriminals like to exploit people when they are at their most vulnerable. They use dramatic events that cause people to be emotional or fearful to drive their profits. Any time there are major news cycles happening on a topic that stirs a strong reaction, cybercriminals will not be far behind.

The Coronavirus is no different. Shortly after the first cases were confirmed, DomainTools’ researchers observed a minor uptick in domain names leveraging Coronavirus and COVID-19. These registrations have peaked significantly in the past few weeks and many of them are scams.

The security research team has continuously been monitoring these suspicious domains. The DomainTools security research team discovered a domain (coronavirusapp[.]site) that claims to have a real-time Coronavirus outbreak tracker available via an app download.
Malicious Website (coronavirusapp[.]site)





The domain prompts users to download an Android App that will give them access to a Coronavirus map tracker that appears to provide tracking and statistical information about COVID-19, including heatmap visuals.
Malicious COVID19 Tracker App





In reality, the app is poisoned with ransomware. This Android ransomware application, previously unseen in the wild, has been titled “CovidLock” because of the malware’s capabilities and its background story. CovidLock uses techniques to deny the victim access to their phone by forcing a change in the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before on Android ransomware.
COVID-19 Tracker App Ransom Note





The ransomware requests $100 in bitcoin in 48 hours on the ransom note. It threatens to erase your contacts, pictures and videos, as well as your phone's memory. It even claims that it will leak your social media accounts publicly.

Since Android Nougat has rolled out, there is protection in place against this type of attack. However, it only works if you have set a password. If you haven't set a password on your phone to unlock the screen, you're still vulnerable to the CovidLock ransomware.

The DomainTools security research team has reverse engineered the decryption keys and will be sure to post the key publicly. The team also has the BTC wallet and is monitoring its transactions. Further technical details will be released soon.
How To Increase Your Ransomware Immunity


Be sure to only use trusted information sources from government and research institution’s websites. Don’t click on anything in your email that’s health related. In general, be sure to follow all of the basic phishing recommendations—be aware that people are trying to capitalize on fear here.
Ensure that you download Android applications only from the Google Play store. There is a much higher risk of downloading malware from untrusted 3rd party stores.
Research Conducted By:

Chad Anderson, Senior Security Researcher

Tarik Saleh, Senior Security Engineer & Malware Researcher

Ψεύτικο app ανίχνευσης κορωνοϊού εγκαθιστά το “Covidlock” Ransomware

16 Μαρτίου, 2020, 10:52 πμ by Absenta Mia




Η πανδημία του κορωνοϊού, συνεχίζει να εξαπλώνεται ραγδαία. Μέχρι τώρα ο ιός έχει μολύνει 153.000 ανθρώπους και έχει στοιχίσει τη ζωή σε 5.800 άτομα παγκοσμίως. Κι ενώ η κατάσταση έχει σπείρει τον τρόμο, οι κακόβουλοι παράγοντες προσπαθούν να εκμεταλλευτούν το κλίμα ανασφάλειας που επικρατεί, για να μολύνουν συσκευές smartphone με το Covidlock ransomware.

Σύμφωνα με την εταιρεία ασφαλείας DomainTools, ένας ιστότοπος υπόσχεται ότι προσφέρει έγκυρη πληροφόρηση σχετικά με τα περιστατικά του κορωνοϊού, μέσω της Android εφαρμογής του, αλλά στην πραγματικότητα εγκαθιστά το Covidlock ransomware.

Ο ιστότοπος, γνωστός ως “coronavirusapp [.] Site” παρουσιάζει πιστοποιήσεις από τον Παγκόσμιο Οργανισμό Υγείας (WHO) και από τα Κέντρα Ελέγχου και Πρόληψης Νοσημάτων (CDC). Επιπλέον, υποστηρίζει ότι η εφαρμογή του έχει πάνω από 6 εκατομμύρια κριτικές και βαθμολογία 4,4 αστέρων.

Η εφαρμογή υπόσχεται να στείλει ειδοποιήσεις στον χρήστη, όταν εντοπίζει κάποιο κρούσμα κορωνοϊού που βρίσκεται κοντά στην περιοχή του. Μόλις όμως ο χρήστης εγκαταστήσει την εφαρμογή και δώσει έγκριση για διάφορα δικαιώματα στη συσκευή του, δέχεται επίθεση από το Covidlock, το οποίο τον αναγκάζει να αλλάξει το κλείδωμα οθόνης του.


Στη συνέχεια το θύμα λαμβάνει ένα μήνυμα που του δίνει διορία 48 ώρες, για να πληρώσει τα λύτρα που του ζητάει. Το μήνυμα απειλεί το χρήστη ότι αν δεν πληρώσει έγκαιρα, θα σβήσει όλα τα δεδομένα από τη συσκευή του και επιπλέον θα διαρρεύσει τους λογαριασμούς των social media του. Το ποσό που ζητούν οι hacker είναι $100 σε bitcoin.

Μέχρι τώρα δεν έχει γίνει γνωστή κάποια περίπτωση που να έχουν καταβληθεί τα λύτρα. Εν τω μεταξύ, η εταιρεία ασφαλείας ισχυρίζεται ότι χρησιμοποίησε αντίστροφη μηχανική και ανακάλυψε τα κλειδιά αποκρυπτογράφησης και σκοπεύει να τα δημοσιεύσει σύντομα.

Φυσικά δεν είναι το μόνο περιστατικό που εκμεταλλεύεται την κατάσταση τρόμου που επικρατεί. Πριν λίγες μέρες κυκλοφόρησε ένας ψεύτικος χάρτης εντοπισμού του κορωνοϊού που εγκαθιστούσε ένα malware στους υπολογιστές για να κλέψει κωδικούς.

Η DomainTools σημειώνει ότι ένας ανησυχητικός αριθμός domain, καταχωρείται γύρω από τον κορωνοϊό. “Αυτές οι καταχωρήσεις έχουν αυξηθεί σημαντικά τις τελευταίες εβδομάδες και πολλές από αυτές είναι απάτες”.

Ένα παρόμοιο περιστατικό συνέβη πρόσφατα στο Ιράν, όπου ένα app υποσχόταν να ενημερώνει τους ανθρώπους σε περίπτωση που έχουν προσβληθεί από τον κορωνοϊό. Όμως στην πραγματικότητα αυτό που έκανε ήταν να συλλέγει τα δεδομένα τοποθεσίας των πολιτών του Ιράν.

Coronavirus COVID-19 Global Cases by the Center for Systems Science and Engineering (CSSE) at Johns Hopkins University (JHU)

 Professor Lauren Gardner, a civil and systems engineering professor at Johns Hopkins University, built the dashboard with her graduate student, Ensheng Dong. It is maintained at the Center for Systems Science and Engineering at the Whiting School of Engineering, with technical support from ESRI and the Johns Hopkins University Applied Physics Laboratory. Gardner is co-director of the CSSE.

CSSE : PC version  

 

Coronavirus COVID-19 Global Cases by Johns Hopkins CSSE Mobile Version  

Microsoft Bing team launches COVID-19 tracker

Microsoft's COVID-19 tracker is located at bing.com/covid.

 By Catalin Cimpanu for Zero Day | March 15,

The Microsoft Bing team launched today a web portal for tracking coronavirus (COVID-19) infections across the globe.

"Lots of Bing folks worked (from home) this past week to create a mapping and authoritative news resource for COVID19 info," said Michael Schechter, General Manager for Bing Growth and Distribution at Microsoft.

The website, accessible at bing.com/covid, is a basic tracker. It shows up-to-date infection statistics for each country around the globe and all the US states.

Data is aggregated from authoritative sources like the World Health Organization (WHO), the US Centers for Disease Control and Prevention (CDC), and the European Centre for Disease Prevention and Control (ECDC).

Users can click countries or US states on the map and see the latest infection stats, along with the latest COVID-19 news coverage for that specific country or state.

Microsoft announced the website tonight, two days after President Trump said Google began working on COVID-19-related portal for US citizens.

According to reports, Google's websites will be more than just an infection tracker and news portal, and will also include information on COVID-19 symptoms, risks associated with the disease, and info on local testing centers.


Google's website is being built by Verily, a subsidiary of Alphabet focused on healthcare services. More than 1,700 engineers are currently working on the site, President Trump said.

The COVID-19 outbreak, which started in late December 2019 in China, has now infected more than 168,000 people and killed nearly 6,500.

Earlier this week, the WHO officially declared COVID-19 a global pandemic. The last time when a global pandemic was declared was in 2009, for the H1N1 influenza virus.

List of Free Software and Services During Coronavirus Outbreak

List of Free Software and Services During Coronavirus Outbreak


By
Lawrence Abrams March 14, 2020 04:59 PM 0








In response to the Coronavirus (COVID-19) outbreak, many organizations are asking their employees to work remotely. This, though, brings new challenges to the workplace as users adapt to video meetings, screen sharing, and the use of remote collaboration tools.


To assist a new wave of remote works and get some publicity at the same time, many software developers and service providers have started to offer free licenses or enhanced versions of their software and services.


Below is a roundup of all the free upgrades to services and software licenses being offered during the Coronavirus outbreak.


If you are a software developer or technology service provider and would like to add any free offers to this list, please contact us and let us know.
AT&T


According to a report by Vice, AT&T is suspending broadband data caps during the Coronavirus outbreak.


AT&T is the first major ISP to confirm that it will be suspending all broadband usage caps as millions of Americans bunker down in a bid to slow the rate of COVID-19 expansion. Consumer groups and a coalition of Senators are now pressuring other ISPs to follow suit.
Cisco


Cisco is changing its free Webex meeting software so that it supports unlimited usage, supports up to 100 people per meeting, and has toll dial-in availability.


For businesses that are not currently a customer, Cisco is also offering free 90-day trials.


"Additionally, through our partners and the Cisco sales team, we are providing free 90-day licenses to businesses who are not Webex customers in this time of need. We’re also helping existing customers meet their rapidly changing needs as they enable a much larger number of remote workers by expanding their usage at no additional cost."
Cloudflare


Cloudflare has made its Cloudflare for Teams service free for small businesses for at least six months.


"Beginning today, we are making our Cloudflare for Teams products free to small businesses around the world. Teams enables remote workers to operate securely and easily. We will continue this policy for at least the next 6 months."


Using Cloudflare for Teams, remote workers can gain access to a company's internal resources using a secure VPN.
Discord


Discord has enhanced its free Go Live streaming service so that it can now support 50 simultaneous users rather than 10.


"We wanted to find a way to help, so we’re temporarily upping the limit on Go Live to 50 people at a time, up from 10. Go Live is free to use and lets people privately stream or screen share apps from a computer while others watch on any device — so teachers can conduct a class, co-workers can collaborate, and groups can still meet. You can learn more about how to get started with Go Live here," Discord stated in a blog post.
Google


Google is giving G Suite and G Suite for Education customers free access to their Hangouts Meet video-conferencing features.


This includes these features:
Larger meetings, for up to 250 participants per call
Live streaming for up to 100,000 viewers within a domain
The ability to record meetings and save them to Google Drive
Instant Housecall


Subscribers to Instant Housecall can now create subaccounts that allow remote workers to take over their office PC. This offer will be available until the World Health Organization (WHO) designates the end of the pandemic.


"All plans now include subaccounts that let your customers work remotely. Using a subaccount that you create, your customers can login and control their own unattended PC," the announcement states.
Logmein


LogMeIn is providing a free Emergency Remote Work Kit that gives free 3-month site-wide licenses to GoToMeeting to make it easier for remote workers to conduct meetings.


"Starting immediately, we will be offering our critical front-line service providers with free, organization-wide use of many LogMeIn products for 3 months through the availability of Emergency Remote Work Kits. These kits will include solutions for meetings and video conferencing, webinars and virtual events, IT support and management of remote employee devices and apps, as well as remote access to devices in multiple locations. For example, the “Meet” Emergency Remote Work Kit will provide eligible organizations with a free site-wide license of GoToMeeting for 3 months," LogMeIn CEO Bill Wagnar said in a blog post.
Loom


The Loom video messaging platform has announced that through July 1st, 2020 they will provide these additional features:
Remove the recording limit on our free plan — what was 25 is now unlimited
Cut the price of Loom Pro in half — what was $10/month is now $5/month
Extend all trials of Loom Pro from 14 to 30 days
Microsoft


Microsoft is making Microsoft Teams for free for the next six months to aid businesses who move towards a remote workplace during the outbreak.


"At Microsoft, the health and safety of employees, customers, partners and communities is our top priority. By making Teams available to all for free for six months, we hope that we can support public health and safety by making remote work even easier," Microsoft EVP and President JP Courtois stated on Twitter.
Splashtop


Splashtop is offering free 60-day licenses to its Business Access remote access software.


"In response to the recent coronavirus outbreak, many organizations, businesses, educational institutions, and governments are recommending that people work from home to help reduce the spread of the virus. To support these remote work initiatives, Splashtop is offering its Splashtop Business Access remote computer access software free for 60 days in some of the most affected countries.


Residents of China, Hong Kong, Macau, and Taiwan are eligible for the free license,"
TechSmith


TechSmith is giving free licenses to their TechSmith Snagit screen capture software and the TechSmith Video Review software through June 30th, 2020.


"Our screen recording tool, TechSmith Snagit, and our asynchronous collaboration platform, TechSmith Video Review, will be provided for free through the end of June 2020 to any organization that needs it," TechSmith announced.


For existing customers of the TechSmith Relay or Video Review products, TechSmith is providing free increased usage with no charge.
Zoho


Zoho is now offering free access to its Remotely remote work software suite through July 1st, 2020.


"Zoho Remotely will enable you to take your work remote by offering a complete suite of web and mobile apps that will help you communicate, collaborate and be productive."
Zoom


For people in China, Zoom has enhanced the Basic (free) license by removing the 40-minute meeting limit.


With this tenet in mind, Zoom is doing everything we can to provide resources and support to those navigating the coronavirus outbreak, including:
For our Basic (free) users in China, we’ve lifted the 40-minute limit on meetings with more than two participants, providing unlimited time to collaborate.
We’re proactively monitoring servers to ensure maximum reliability amid any capacity increases, as uptime is paramount.
We’re scheduling informational sessions and on-demand resources so anyone can learn how to use the Zoom platform with ease — and at their convenience.