New ransomware attack on the android devices which encrypt Photos and Videos Posing as COVID-19 Tracing Applications.
New ransomware which hit the android users for the particular users in Canada posing as an official COVID-19 tracing app from the health Canada.
The CryCryptor ransomware is used for targeting and is open-source ransomware which is published in Jun 2020.
#Android #Banking #Trojan #Malware@Spam404 @malwrhunterteam
tracershield.apk
covid19tracer.apk
https://tracershield[.ca/download/tracershield.apk
https://covid19tracer[.ca/download/covid19tracer.apk
“faa0efaad40e78bf27ca529171aaf0551db998a276d4ff501209d1f5ef830dfb” pic.twitter.com/ccAwdgKcbA— Re-ind (@ReBensk) June 23, 2020
The campaign which started after the candaina government announced it officially tracing app. From the source, the app is still in the testing phase and to be live possibly next month.
Malicious Ransomware
The security researcher from the team of ESET has discussed the observation that the malicious COVID-19 tracing app is distributed by using two third party websites and not through google play.
Once this malicious app launches in the device it can get access to the files on the device, once permission is provided it encrypts files with certain extensions.
The extensions include txt,jpg,BMP,png,Pdf docx,ppt,pptx,avi,xls.vcf,pdf and db files.
The Ransomware encrypts the file and does not even lock the device where it leaves a “read me: file in every directory with the encrypted files that have the threat actor email addresses”.
ESET researcher has mentioned that they have the good news about having decorating tools that are available for ransomware, the bug with the malinois app which allows them to create decryption tools.
Found this article informative? Follow Vednam on Facebook, Twitter, Mix, Tumbler, and Linkedin to know more exclusive content we post.
