Coronavirus Scam Targets Phone Users with An Android App for Sextortion

In these trying times, when the world is under a global threat from Coronavirus, and its strain COVID-19, cybercrooks see an opportunity for profit. While most people do their best to survive the pandemic, these malicious individuals exploit the situation for their benefit.

There have already been countless websites crafted to offer Coronavirus-related information. Ones that, ultimately, turn out to be malware-ridden shams. Cyber attackers turn to every trick that they think may lead to profit – corrupted links and sites, bogus apps, fake maps. Their lust for personal gain knows no bounds.

One of the latest scams, created by cybercrooks, gives focus on a deceitful Android application. The app got made to bait unwitting users into unknowingly inviting malware into their devices.

There's a website that promotes the app as useful, and it makes several bold claims. It boasts the app as a helpful 'Coronavirus Tracker' tool. The landing page greets you with 'Track Real-Time Coronavirus Outbreak in your Street, City, and State.' That's not the only promise it makes. It also claims that if you trust it, you can 'Get Real-Time Statistics about Coronavirus outbreaks around you in over 100 countries.' Do NOT fall for these falsehoods! The malicious cybercrooks, behind the site and the app, spin webs of deceit, hoping you'll fall for them so that they can prey on you. Don't let their endeavor prove successful.


The landing page of the sham site promising lies. Source: nakedsecurity.sophos.com

The cybercriminals, behind the app, gave it the name COVID 19 TRACKER. They put effort into the facade of their deception by crafting a seemingly believable logo for their scam.


The icon of the COVID 19 TRACKER app. Source: nakedsecurity.sophos.com

To give credit to their bogus app, the people behind it had it jam-packed with 'certifications.' Each one of them is fake. As you can see in the image below, they claim legitimacy by boasting the US Department of Education, the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).


The landing page of the website, alongside the Download section with all the 'certifications.' Source: nakedsecurity.sophos.com

As the image above clearly shows, you can download the app from the sham website itself. You cannot find it on Google Play. The cybercriminals, behind the trickery, provide you with a [DOWNLOAD APK] button, which you can use to get the application, they're pushing as legitimate. It's not, and you shouldn't. Don't fall for the deception. There aren't enough ways to stress that – you're dealing with scammers pushing a scam.

What to expect once the bogus app lands on your device?

Once you get the sham application and run it, it immediately begins to ask for a variety of permissions. A slew of demands follows, and that should be your first red flag.

The app seeks approval to keep itself running in the background, as well as to have lock screen access, and to use Android's accessibility features. It warns you that it may drain your battery but still refuses to run unless you grant its request. Once you click its 'SCAN' button, it promises to provide you with the latest updates regarding Coronavirus, as well as clue you in if you're near someone who has been affected by COVID-19. That's how the app justifies its need for lock screen access. Supposedly, that allows it to send you instantaneous warnings, or as its marketing puts it: 'instant alert when a coronavirus patient is near you.' That is a colossal lie, and you should not believe it. No app has the power to assess whether someone near you suffers from Coronavirus. That's a claim made by malicious money-hungry cybercriminals looking for ways to profit off of people's fear surrounding the pandemic.

Another red flag is the application's request for administrator rights. No legitimate, reliable app needs admin rights, and not a single trustworthy one would ask you to allow them. That's suspicious and should raise concerns.

If you are to grant admin rights to an application, that application tends to be one related to security. Most security apps need those rights to access your phone because they're looking out for the safety of your device. They sweep all your applications, links, content, all of it, and try to verify whether there's something malicious lurking, or if all's well. An app claiming to scan people around you to check if they have a dangerous viral infection hardly makes the list of apps, worthy of such trust. The bogus COVID 19 TRACKER app does not deserve admin rights. Don't make the mistake of allowing them.

The crooks behind the app use sextortion to blackmail you

The actual reason why the app needs so many permissions and requests is so that it can reach any nook and cranny of your phone unimpeded. Once it has access to your apps and, pretty much, everything you keep on your phone, the malware strikes.

The malicious software makes it impossible for you to use your phone. It wastes no time and quickly intrudes on your normal phone-related activities – making calls and texting, even using the camera. It establishes itself as a barrier between you and your device. It doesn't let you open your Settings and tinker there, thus ensuring you won't be able to remove it by taking away its permissions.

The application locks you out of your phone. Every app you try to open, you get greeted with a ransom demand.


The extortion message crafted by the cybercriminals. Source: nakedsecurity.sophos.com

As the image above shows, their statement is rather frightening. The crooks threaten to send every picture and video you ever took on your phone to every contact you keep on it. In the cybersecurity field, this technique of extortion is known as 'sextortion.' These unknown individuals lock your phone and demand payment to unlock it. To further incentivize you into paying, they layout threats, as well as give you a deadline. In this case, your time runs out after 24 hours. Even if you don't have any compromising content on your phone, the thought of it getting sent to everyone on your contact list is scary. It's an atrocious privacy breach.

The ransom amount listed by the cyber extortionists is $250. Do NOT pay! Even if the requested amount was a single dollar, payment is still ill-advised. Most cases of cyber extortion don't end with a best-case scenario. It's quite the opposite as a lot of cybercriminals get your money and leave you hanging. They cease all communications with you, and don't bother sending the code they promised would unlock your device.

Even if you do get the numbers, which they claim would free your phone from their grip, it might still prove futile. What if it doesn't work? They could have sent you the wrong numbers. You should also note that even if the exchange goes swimmingly – you pay, get the right unlocking numbers, and free your phone, you're not in the clear yet! The code, these people promise you, only gives you back control over your device. It does not remove the malicious software that stole it from you in the first place. If you choose to go along with the extortion, comply, and do get a code that works, don't delay the malicious application's deletion! As soon as you get the chance, get rid of COVID 19 TRACKER.

Stay vigilant! Looks can be deceiving

If you wish to avoid falling prey to such malicious cybercrooks, be on your guard. Keep a lookout for spelling and grammar mistakes, differences between logos and colors – a lot of spoofs of legitimate tools make them slightly off from the actual thing they're copying. Look for the red flags that indicate something doesn't seem right. And, if you should come across something suspicious, don't disregard it, but do research. Check it out and verify it as valid. A little bit of research can save you quite a lot of issues in the future. Be wary, be vigilant, and be thorough. Also, needless to say, if the Android app you choose to trust and download doesn't come from the Google Play Store, that's your first red flag.

As stated, lots of malicious tools try to appear legitimate by ripping off the visuals from truly genuine apps. Naturally, the people behind the 'Coronavirus Tracker' tool did the same, as well. As you can see below, they used the images from an application found on the Google Play Store. One, which embodies their vision and carries a good rating, as well.


On the left, you can see the copied content, and on the right – the original one from a Google Play app. Source: nakedsecurity.sophos.com

Appearances can be deceiving, so heed experts' advice and be attentive when you try to verify the credibility of claims made by apps, sites, and whatnot. Your future self will thank you for your caution.

By Zane
March 31, 2020
Android Malware
English
March 31, 2020
Android Malware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Computer Security

Coronavirus Scam Uses a Fake COVID-19 Map Pushing an App That Lets Cybercrooks Spy on You Through Your Phone

We are currently living through a pandemic. Coronavirus is spreading rapidly and has become a global issue. People are scared, and the news is only adding to that fear. Every time you turn on a TV, open a site, or any... Read more

March 25, 2020
How To

How to Autofill Passwords on Your Android Phone

Autofill is a handy feature that allows your device to automatically fill in forms and user credential fields with your data. Akin to password managers, which can fill out the information in other apps and websites... Read more

November 13, 2019
How To

How to View Saved Passwords in Android Chrome App

Google Chrome might offer to save passwords now and then when you enter them into websites. Android owners can rapidly access, delete, or export stored passwords through the mobile device's browser. Follow this guide... Read more

November 8, 2019
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.