Researchers at DomainTools have identified a malicious domain (coronavirusapp[.]site) that is used to trick victims into downloading a malicious Android app. The app claims to provide real-time tracking and statistics about the Coronavirus outbreak, but in reality the only thing it delivers is ransomware from a family dubbed “CovidLock.”
By forcing a password change, CovidLock is able to prevent victims from accessing their phones. This is known as a screen-lock attack. Currently, the operators are requesting $100 in bitcoin, with a 48-hour deadline to pay. If the ransom is not paid in time, the threat actors behind the malicious app threaten to delete data from the victim’s device and publicly leak private information from social media accounts.