Are Coronavirus Tracking Apps Honeypot for Hackers?

The coronavirus pandemic is making the headlines for all the wrong reasons. The outbreak has become a massive risk in terms of online privacy. According to the research of a mobile security company called Lookout, an Android app known as “Corona live 1.1” uses the Johns Hopkins coronavirus tracker which is a reliable resource for tracing infection rates, death ratios, recovery rates from all around the world.

The vicious app acts as a surveillance camera when you use the app to keep an eye on the devastating impacts of the COVID-19 crisis. It can access your Android devices’ photos, locations, videos, and camera as well. Ironically, hackers try to access cameras that help them take pictures, record audio, and videos.   

A fake coronavirus tracking app is ransomware 

Hackers are exploiting the current coronavirus pandemic situation to a certain extent. Recently, they have created a malicious app by the name of “COVID-19 Tracker” which works as a coronavirus map tracker. 

On the contrary, it locks your phone and asks you to pay a ransom of 100$ to hackers in the form of bitcoin within two days (48 hours). Surprisingly, the app is not available on the Google Play Store, but users are downloading it from the website.

The website encourages users to download this app through a message “for Android users: to obtain the real-time or actual number of coronavirus cases based on your GPS location, please download the mobile app version of the website and activate ‘accurate reporting’ for the best experience.”  

Once you open the app after downloading and installing it on your Android smartphone, it asks you to lock the screen of your mobile phone to provide you an instant alert about the nearest coronavirus patient. Furthermore, the app needs your permission to access your Android phone’s accessibility setting for the sake of active state monitoring.

covid 19 trackng app

If you grant such permissions to the app, ransomware is enabled called “CovidLock,” and at the same time a ransom note appears on the screen:

“Your phone is encrypted: You have 2 days (48 hours) to pay $100 [sic] in bitcoin, or everything will be removed.

  1. What will be erased? Your contacts, your photos, and videos, all social media accounts will be leaked publicly and the phone memory will be deleted completely
  2. How to save all your data? You need a decryption code that will help you to disarm the app and unlock your data back as it was before
  3. How can you get the decryption code? You have to send 100$ [sic] in bitcoin to the address [sic] below, you should click the button to see the code below.

Note: Your GPS is monitored, and your location is known, if you try anything stupid, your phone will be automatically erased.”

coronavirus tracking app

A text file is given at the end of the note in which victims have to enter the decryption code. Likewise, a “Decrypt” button is placed under the text file.

According to Tarek Saleh and Chad Anderson from an internet security company DomainTools, users can still protect themselves against the CovidLock ransomware. However, they must use the latest Android 10 or Android Q operating system and have enabled passwords to unlock their phones. 

Otherwise, they can become victims of this cyber attack if they do not use the latest Android Q operating system and have not activated passwords on their Android phones. Luckily, the research team of DomainTools has released the decryption key publicly. It allows victims of CovidLock ransomware to unlock their phones without paying the ransomware.  

On the other hand, hackers will have to generate another decryption key by rewriting the malware to attack Android users in the near future. Moreover, new decryption will not affect users who have already installed the malicious apps on their devices.

DomainTools is tracking the hackers’ Bitcoin wallet to see if any user has paid them the ransom amount or not. As of now, no one has paid the amount to hackers. 

India’s COVID-19 contact tracking app is a honeypot for hackers

There is no denying that India is one of the world’s most populated countries. According to the viewpoint of a security researcher Baptiste Robert, Aarogya Setu, India’s Health Bridge App may expose COVID-19 patients’ locations to official authorities alongside hackers.

The app offers one particular feature that allows users to check the whereabouts of nearby infected people. That said, the feature lets users change their GPS location to know how many people have reported themselves as positive within the radius of 500 meters.

Hackers can easily exploit this flaw for their benefit as they can use a triangulation attack to verify a potential positive coronavirus patient’s diagnosis. Besides the triangulation risk, the former FTC technology Soltani has raised a privacy concern about the app’s GPS location tracking feature and asserted that the intended purpose of this tracking app is privacy-invasive

How to protect yourself from Coronavirus tracking apps’ privacy issues?

 Here is the list of actions you should follow to safeguard your Android devices from potential coronavirus tracking apps’ security breaches:

Always use a VPN before connecting to public Wi-Fi networks

Public Wi-Fi networks are undoubtedly the easiest targets for hackers to access your crucial information online. Therefore, you should use a VPN to mask your actual IP address. This way, you can spoof your online locations and encrypt your whole internet traffic in no time. 

As a result, you can keep hackers at bay since they are unable to inject or alter your data. Before selecting a VPN service of your choice to protect your digital footprints, you should go through a detailed review of ExpressVPN or any other premium VPN provider.  

Get information from credible sources 

When it comes to attaining information related to the COVID-19 crisis, always rely on the government’s official websites or trustworthy research institutions. You should avoid visiting sites that are not secured with SSL on your mobile devices.

Download Android apps from the Google Play Store

You must download only reliable apps that are available exclusively on the Google Play Store. Do not trust any third-party site at the time of downloading an Android app.

Install the latest operating systems and apps on your mobile device

You must install the latest versions of operating systems and apps on your Android smartphones. Similarly, you should not click emails that include health-related content or links at any cost. Aside from using the latest apps, there is no harm in installing the updated antivirus software on your mobile device.

Wrapping Up

People are bound to use the internet to keep themselves informed regarding the coronavirus pandemic. But, this web surfing activity becomes a lucrative opportunity for hackers. It also serves as a reminder that hackers are still working hard, and we should not take them lightly at all.

Hence, you should follow the recommendations mentioned above accordingly to protect your devices as much as possible.