As Prime Minister Justin Trudeau was announcing a new app to help notify Canadians who may have been exposed to the COVID-19 virus, hackers were already trying to use it to scam unsuspecting users.
Discovered by ESET researchers in Slovakia, the Android ransomware, named CryCryptor, was traced back to June 18, the day Trudeau officially announced the federal government’s nationwide mobile app to provide notifications of exposure to COVID-19. Initial plans were to beta test the app in Ontario.
ESET, a global leader in IT security with offices across Canada, informed the Canadian Centre for Cyber Security about the threat as soon as it was identified.
The ransomware is distributed through two fake websites that are designed to look like official Government of Canada sites, falsely advertising an official COVID-19 tracing app endorsed by Health Canada. The sites use convincing domains and lack the typical spelling mistakes that usually make it easy for a discerning eye to spot such sites as a risk.
Once a user installs the fake app, it encrypts files on the user’s phone and asks the user to email the attacker “to discuss recovery.” ESET has quickly built a decryption tool based on an analysis of the encryption mechanism used. The tool is available for free on ESET’s GitHub repository.