Android malware CovidLock (distributed as Coronavirus Tracker) could be found on a website that promised to help track the spread of the dangerous COVID-19 infection. Instead, once it was downloaded and installed, the malicious app would lock the screen of your device by changing its password. CovidLock would then demand a ransom of $100 to be paid within 48 hours. Otherwise, CovidLock threatened to delete your files and expose your social media (empty threats).
The good news is that the decryption code that CovidLock is asking for has been found by a Reddit user – it’s 4865083501.
In short about CovidLock:
|Type of threat|Trojan,|
|Signs of danger|No links to confirm Coronavirusapp.site’s claims, antivirus apps detect CovidLock as malware.|
|How to remove it|Use the code 4865083501 to unlock your phone, use an antivirus app.|
How CovidLock spreads
As Domaintools.com reports, CovidLock was made available for download as a Coronavirus Tracker on a site called Coronavirusapp.site. The site claimed that Coronavirus Tracker was certified by the World Health Organization, CDC, and the Department of Education. From Coronavirusapp.site:
Get Instant Notification when a Coronavirus Patient is Near You, View local coronavirus outbreak status in an easy to navigate app with data pulled directly from the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO). Stay in touch with latest statistics about your city and state from leading organizations as well as descriptions and prevention tips of the Coronavirus (COVID19).
It also said that the tracker app had 500 million downloads and 6 million reviews. Coronavirusapp.site did not have any links proving those things. The IPs associated with the site were known to be used for malware months earlier.
Still, the design of Coronavirusapp.site was nice enough and the subject of COVID-19 sweeping the globe was and still is very pertinent. So, CovidLock (Coronavirus Tracker) was downloaded and installed by quite a few users who hoped to be kept up-to-date on COVID-19 infections.
Unfortunately, these people then found an ominous warning on their screen:
YOUR PHONE IS ENCRYPTED: YOU HAVE 48 HOURS TO PAY 100$ in BITCOIN OR EVERYTHING WILL BE ERASED
Luckily, someone downloaded CovidLock and decompiled it, releasing the hardcoded password – 4865083501.
How to avoid mobile malware
Coronavirus Tracker was distributed as an APK and not on the Google Play Store, which is pretty suspicious. Google does allow us to download and install apps as APK files from any website, but the official app store for Android is the Google Play Store. It is the safest way to get your apps because the Play Store takes measures to protect users:
- bans apps for malicious behavior,
- displays what access apps require,
- collects reviews and ratings, letting people share their experience,
- allows app reporting.
Downloading APKs to install apps is not advised unless you absolutely trust the developer. APKs also make it easier for criminals to spread fake apps, so be careful of those, too.
Sure, there can also be malicious apps on the Google Play Store – such as AnubisCrypt, a file-locking ransomware app – if they manage to get past the screening process that Google uses to weed out malware. Still, it’s definitely harder to spread malware there.
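A sideloaded APK comes without the Play Store's display of what access an app requires, but you can check that yourself before installing. The Python script below is an added example, not code from the original article or from any analysis of CovidLock itself. It assumes the APK's manifest has already been decoded to plain XML (for example with apktool), and the sample manifest, package name and receiver name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Manifest entries worth a second look in a sideloaded "tracker" app.
RISKY_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
    "android.permission.RECEIVE_BOOT_COMPLETED": "starts again after reboot",
}
DEVICE_ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
DEVICE_ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"

# Constructed sample manifest, not taken from any real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Tracker">
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return human-readable findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID + "name", "")
        if name in RISKY_PERMISSIONS:
            findings.append(f"{name}: {RISKY_PERMISSIONS[name]}")
    for recv in root.iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in recv.iter("action")}
        if (recv.get(ANDROID + "permission") == DEVICE_ADMIN_PERMISSION
                and DEVICE_ADMIN_ACTION in actions):
            findings.append(
                f"device admin receiver {recv.get(ANDROID + 'name')}: "
                "can ask the user for device-administrator rights")
    return findings


if __name__ == "__main__":
    for line in triage_manifest(SAMPLE_MANIFEST):
        print("FLAG", line)
```

An app that only shows statistics has little reason to register a device-administrator receiver, so a finding like that is a reason not to install it.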
How to remove CovidLock
One way to get rid of CovidLock is to do a factory reset of your device – but, understandably, most people would like to avoid doing something so drastic.
As you can see on this VirusTotal page, some mobile antivirus programs do detect CovidLock as malware. You can download an antivirus tool that you trust and use it to get rid of CovidLock.
You can also delete unwanted apps from your home screen: long-press the app icon and press the ‘X’ icon or drag the app’s icon to the top of your screen. You can also open Settings, go to Apps, and App data, and find CovidLock (Coronavirus Tracker), open its info, and choose to remove it.
The instructions will be slightly different for different Android versions, so you may need to look up how to remove apps on your specific phone or tablet.