New Ransomware Attacks Android Devices Encrypts Photos and Videos Posing as COVID-19 Tracing App

A new ransomware strain dubbed CryCryptor targeting Android users, particularly users in Canada posing as an official COVID-19 tracing app from Health Canada.

The CryCryptor is a new ransomware based on the open-source ransomware CryDroid published on Jun 11, 2020.

The malicious campaign started after the Canadian government announced the official tracing app, according to sources the app is still in the testing phase and to be live possibly next month.

Malicious Ransomware Campaign

Security researchers from ESET observed that malicious COVID-19 tracing app distributed using two third-party websites and not through Google Play.

Once the malicious app launched in the device it seeks permission to access files on the device, once permission provided it encrypts files with certain extensions.

The extensions include txt, jpg, BMP, png, pdf, doc, Docx, ppt, pptx, avi, Xls, vcf, pdf, and db files.

Extensions Encrypted

The ransomware encrypts files only and not lock the device, it leaves a “readme” file in every directory with encrypted files that have the attacker’s email address.

The good news here is that we are having a decryption tool available for this ransomware, ESET researchers discovered a bug with the malicious app which allows them to create a decryption tool.

Researchers published a video that shows the process of encryption and decryption.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read:

COVID-19 Research Organizations Attacked by Chinese Hackers Group

Trickbot Malware Campaign Targets users with COVID-19 Themed Malspam

Guru baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its GlobalProtect Gateway, identified as CVE-2024-3400. This…

2 days ago

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities in open-source components and inconsistent update…

2 days ago

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio deepfake technology. This incident underscores the…

2 days ago

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics services, the U.S. Cybersecurity and Infrastructure…

2 days ago

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user privacy across the web. This innovative…

2 days ago

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average number of cyber attacks per organization…

2 days ago