Saturday, April 19, 2025
HomeAndroidNew Ransomware Attacks Android Devices Encrypts Photos and Videos Posing as COVID-19...

New Ransomware Attacks Android Devices Encrypts Photos and Videos Posing as COVID-19 Tracing App

Published on

SIEM as a Service

Follow Us on Google News

A new ransomware strain dubbed CryCryptor targeting Android users, particularly users in Canada posing as an official COVID-19 tracing app from Health Canada.

The CryCryptor is a new ransomware based on the open-source ransomware CryDroid published on Jun 11, 2020.

https://twitter.com/NtSetDefault/status/1275380684366974977

The malicious campaign started after the Canadian government announced the official tracing app, according to sources the app is still in the testing phase and to be live possibly next month.

- Advertisement - Google News

Malicious Ransomware Campaign

Security researchers from ESET observed that malicious COVID-19 tracing app distributed using two third-party websites and not through Google Play.

Once the malicious app launched in the device it seeks permission to access files on the device, once permission provided it encrypts files with certain extensions.

The extensions include txt, jpg, BMP, png, pdf, doc, Docx, ppt, pptx, avi, Xls, vcf, pdf, and db files.

Extensions Encrypted

The ransomware encrypts files only and not lock the device, it leaves a “readme” file in every directory with encrypted files that have the attacker’s email address.

The good news here is that we are having a decryption tool available for this ransomware, ESET researchers discovered a bug with the malicious app which allows them to create a decryption tool.

Researchers published a video that shows the process of encryption and decryption.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read:

COVID-19 Research Organizations Attacked by Chinese Hackers Group

Trickbot Malware Campaign Targets users with COVID-19 Themed Malspam

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

How SMBs Can Improve SOC Maturity With Limited Resources

Small and Medium-sized Businesses (SMBs) have become prime targets for cybercriminals, being three times...

How To Detect Obfuscated Malware That Evades Static Analysis Tools

Obfuscated malware presents one of the most challenging threats in cybersecurity today. As static...

How Security Analysts Detect and Prevent DNS Tunneling Attack In Enterprise Networks

DNS tunneling represents one of the most sophisticated attack vectors targeting enterprise networks today,...

How to Conduct a Cloud Security Assessment

Cloud adoption has transformed organizations' operations but introduces complex security challenges that demand proactive...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

KeyPlug Malware Server Leak Exposes Fortinet Firewall and VPN Exploitation Tools

Cybersecurity researchers have stumbled upon a treasure trove of operational tools and scripts linked...

SpyMax Android Spyware: Full Remote Access to Monitor Any Activity

Threat intelligence experts at Perplexity uncovered an advanced variant of the SpyMax/SpyNote family of...

Researchers Uncover Stealthy Tactics and Techniques of StrelaStealer Malware

Cybersecurity experts have recently shed light on the sophisticated operations of StrelaStealer, also known...