Coronavirus Tracker Ransomware

Android malware CovidLock (distributed as Coronavirus Tracker) could be found on a website that promised to help track the spread of the dangerous COVID-19 infection. But instead, once it was downloaded and installed, the malicious app would lock the screen of your device by changing its password. CovidLock would then demand a ransom of $100 to be paid in 48 hours. Else, CovidLock threatened to delete your files and expose your social media (empty threats).

The good news is that the decryption code that CovidLock is asking for has been found by a Reddit user – it’s 4865083501.

In short about CovidLock:

Known as CovidLock,

Coronavirus Tracker,

Type of threat Trojan,


screen locker.

Signs of danger No links to confirm’s claims,

antivirus apps detect CovidLock as malware.

How to remove it Use the code 4865083501 to unlock your phone,

uninstall CovidLock,

use an antivirus app.

How CovidLock spreads

As reports, CovidLock was made available for download as a Coronavirus Tracker on a site called The site claimed that Coronavirus Tracker was certified by the World Health Organization, CDC, and the Department of Education. From

Get Instant Notification when a Coronavirus Patient is Near You, View local coronavirus outbreak status in an easy to navigate app with data pulled directly from the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO). Stay in touch with latest statistics about your city and state from leading organizations as well as descriptions and prevention tips of the Coronavirus (COVID19).

It also said that the tracker app had 500 million downloads and 6 million reviews. did not have any links proving those things. The IPs associated with the site were known to be used for malware months earlier.

Still, the design of was nice enough and the subject of COVID-19 sweeping the globe was and still is very pertinent. So, CovidLock (Coronavirus Tracker) was downloaded and installed by quite a few users who hoped to be kept up-to-date on COVID-19 infections.

Unfortunately, these people then found an ominous warning on their screen:


Luckily, someone downloaded CovidLock and decompiled it, releasing the hardcoded password – 4865083501.

CovidLock pretends to be endorsed by WHO and CDC.

How to avoid mobile malware

Coronavirus Tracker was distributed as an APK and not on the Google Play Store. Which is pretty suspicious. Google does allow us to download and install apps as APK files from any website, but the official app store for Android is the Google Play Store. It is the safest way to get your apps because the Play Store takes measures to protect users:

  • bans apps for malicious behavior,
  • displays what access apps require,
  • collects reviews and ratings, letting people share their experience,
  • allows app reporting.

Downloading APKs to install apps is not advised unless you absolutely trust the developer. APKs also make it easier for criminals to spread fake apps, so be careful of those, too.

Sure, there are also be malicious apps on the Google Play Store – such as AnubisCrypt, a file-locking ransomware app – if they manage to get past the screening process that Google uses to weed out malware. It’s definitely harder to spread malware on there.

How to remove CovidLock

One way to get rid of CovidLock is to do a factory reset of your device – but, understandably, most people would like to avoid doing something so drastic.

As you can see on this VirusTotal page, some mobile antivirus programs do detect CovidLock as malware. You can download an antivirus tool that you trust and use it to get rid of CovidLock.

You can also delete unwanted apps from your home screen: long-press the app icon and press the ‘X’ icon or drag the app’s icon to the top of your screen. You can also open Settings, go to Apps, and App data, and find CovidLock (Coronavirus Tracker), open its info, and choose to remove it.

The instructions will be slightly different for different Android versions, so you may need to look up how to remove apps on your specific phone or tablet.

Leave a Reply

Your email address will not be published. Required fields are marked *