CATEGORIES
home News

Alleged Android COVID-19 Tracing App Hides Sneaky CryCryptor Ransomware Payload

by Shane McGlaunThursday, June 25, 2020, 09:30 AM EDT
ransomware

A new ransomware attack is underway in Canada that targets people concerned about COVID-19 by posing as an official tracing app provided by Health Canada. ESET researchers have identified and analyzed the ransomware, known as CryCryptor, and created a decryption tool for victims. CryCryptor surfaced only a few days after the Canadian government announced that it intended to back the development of a nation-wide, voluntary tracing app called COVID Alert.

The actual tracing app from Health Canada is due to start rolling out in Ontario as soon as next month. ESET says that it informed the Canadian Centre for Cyber Security about the new threat as soon as it was identified. The below above shows the webpage for the ransomware-infested COVID-19 Tracer App. Once the victim downloads and installs the app, all the most common file types on the device are encrypted.

tracer app

CryCryptor didn't lock the device and left behind a "readme" file with the attacker's email in every directory with encrypted files. ESET says that when the ransomware turned up on its radar, it discovered on investigation a bug of the type "Improper Export of Android Components" that MITRE labels as CWE-926 in the app. CWE-926 is a bug that allows any app installed on the affected device to launch any exported service provided by the ransomware.

tracer shield

That bug is what allowed ESET to create the decryption tool, which launches the decrypting functionality that was built into the ransomware app by its creators. The image below shows the file types that the ransomware encrypts. The image above shows the message left behind with the encrypted files. ESET was able to create the decryption tool thanks to CryCryptor storing its encryption key in shared preferences. The decryption app is available for download at no cost for those impacted by the malware.

CryCryptor isn't the first malware to try and leverage fears of coronavirus/COVID-19 as a method of attacking smartphone or computer users. Microsoft announced in May that it was tracking a massive phishing malware campaign that propagated using malicious Excel spreadsheets promising coronavirus data.

Tags:  Android, Malware, Ransomware, coronavirus, covid-19, crycryptor
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment