When Apple and Google announced that they would jointly track coronavirus patients, they opened a Pandora's box, and hackers and other attackers immediately poured out of it. The incident in Canada could be far more serious than just another app built to cash in on smartphone users. As is often the case, the goal was money, but not earned quietly in the background through advertising, as usually happens: the demand was made directly. Simply put, the phone of a gullible user who cares about his health could simply fail and stop working forever. What was it, why is it dangerous, and how do you avoid falling for the scammers' bait?
Hackers can do anything, even disguise their apps as legitimate ones.
How hackers simulate coronavirus tracking apps
This case, which cannot be ignored, happened quite recently in Canada, on the same day that Prime Minister Justin Trudeau announced a voluntary nationwide contact tracing application for coronavirus patients. The hackers created a ransomware application known as CryCryptor. It encrypts all the data on the smartphone and does not allow it to be used until the victim pays for that “right”. To make the demand clear, a message with instructions was displayed on the screen. There was nothing else on the screen.
Fortunately, the security research team at ESET has figured out the scheme. At the moment, this particular application cannot be considered a mass threat, but it showed where the next vulnerability may emerge. There is a significant risk that such forms of extortion may soon become much more common and begin to appear around the world. Next, we'll look at how to avoid such security issues and avoid falling prey to scammers.
Fraudsters have no morals and profit from any topic. Right now it is the coronavirus.
The likelihood that a victim will infect their phone with this virus depends on how willing they are to install applications from third-party sources, that is, not from Google Play. Viruses do, of course, get into Google Play as well, but most often they are much more harmless. In the case of CryCryptor, we can say that if you never install applications via APKs, you are already one hundred percent protected from trouble.
How to protect yourself from hackers
Those who do not understand what this is about and are ready to install anything from third-party sources should know how the attackers work. The user first goes to what appears to be the official website, which has a link to the Google Play Store, to download a contact tracing app for coronavirus patients. There he is asked to click on the “download in Google Play” button. Everything looks genuine, and the victim lets his guard down.
After clicking the button, the user is not taken to Google Play; the file download starts directly. As soon as it downloads (this happens quickly), he is immediately prompted to install it. If the phone is not set to block the installation of third-party applications, everything will be even easier.
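The mismatch described above, a button that claims to lead to Google Play but starts a file download instead, can be checked mechanically. The following is an added example, not code from ESET or from the original article; the sample page and the tracing-app.example domain are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

PLAY_HOST = "play.google.com"

class BadgeLinkAuditor(HTMLParser):
    """Flags links that present themselves as a Google Play button
    but point somewhere other than the Play Store."""
    def __init__(self):
        super().__init__()
        self.href = None      # href of the <a> currently open, if any
        self.label = []       # visible text and image alt text inside it
        self.findings = []    # (href, reason) for each mismatched button

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.href, self.label = attrs.get("href") or "", []
        elif tag == "img" and self.href is not None:
            self.label.append(attrs.get("alt") or "")

    def handle_data(self, data):
        if self.href is not None:
            self.label.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        label = " ".join(self.label).lower()
        url = urlparse(self.href)
        if "google play" in label:
            if url.path.lower().endswith(".apk"):
                self.findings.append((self.href, "button downloads an APK directly"))
            elif url.hostname != PLAY_HOST:
                self.findings.append((self.href, "button does not lead to Google Play"))
        self.href = None

def audit(html):
    """Return the list of (href, reason) findings for one HTML page."""
    auditor = BadgeLinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample page: one genuine store link, one fake badge, one unrelated link.
SAMPLE = """
<a href="https://play.google.com/store/apps/details?id=com.example.tracing">Get it on Google Play</a>
<a href="https://tracing-app.example/files/tracing.apk"><img src="badge.png" alt="Download in Google Play"></a>
<a href="https://tracing-app.example/about">About</a>
"""

if __name__ == "__main__":
    for href, reason in audit(SAMPLE):
        print(f"{reason}: {href}")
```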
What happens after installing a virus application
When the app is installed, what will the user do? Of course, he will launch it. At that moment, it begins to perform its malicious tasks: it encrypts all the phone's data and demands money.
The user will receive only a text message explaining how to contact the scammers and pay them. If the user neither pays nor decrypts the files himself, his data will remain locked forever.
It is better to download applications only from Google Play.
Two of the websites ESET found hosting CryCryptor have already been shut down. However, it is only a matter of time before other hackers adopt the same approach. This is not to say that it has never been seen before, but right now there is a pretext for pushing users to download a specific application. The rest of the time, there is usually no such excitement around a single thing.
Is CryCryptor Virus Dangerous?
Fortunately, ESET has already developed a tool that gives victims the “antidote”, but that holds, as they say, only for the time being. The hackers who made this virus acted in haste and, most likely, simply did not have time to work out everything in detail. If more serious specialists get down to business, the risk of serious consequences will be much higher than this time.
Once again, we see that some of the freedoms and concessions that electronics manufacturers give us end up putting us in danger. As has been proven many times in practice, we need protection from ourselves. In the case described above, even an experienced user could fall for the bait, let alone beginners or simply gullible people.
This once again confirms the golden rule: you can be as secure as possible only by refusing to install third-party applications. If you still use them, you need to understand where you are downloading the file from and be one hundred percent sure it is safe. It's not worth the risk.