A new ransomware strain dubbed CryCryptor targeting Android users, particularly users in Canada posing as an official COVID-19 tracing app from Health Canada.
The CryCryptor is a new ransomware based on the open-source ransomware CryDroid published on Jun 11, 2020.
The malicious campaign started after the Canadian government announced the official tracing app, according to sources the app is still in the testing phase and to be live possibly next month.
Security researchers from ESET observed that malicious COVID-19 tracing app distributed using two third-party websites and not through Google Play.
Once the malicious app launched in the device it seeks permission to access files on the device, once permission provided it encrypts files with certain extensions.
The extensions include txt, jpg, BMP, png, pdf, doc, Docx, ppt, pptx, avi, Xls, vcf, pdf, and db files.
The ransomware encrypts files only and not lock the device, it leaves a “readme” file in every directory with encrypted files that have the attacker’s email address.
The good news here is that we are having a decryption tool available for this ransomware, ESET researchers discovered a bug with the malicious app which allows them to create a decryption tool.
Researchers published a video that shows the process of encryption and decryption.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Also Read:
COVID-19 Research Organizations Attacked by Chinese Hackers Group
Trickbot Malware Campaign Targets users with COVID-19 Themed Malspam
Cybersecurity researchers have uncovered critical SQL injection vulnerabilities in four TP-Link router models, enabling attackers…
Trend Micro's Cyber Risk Exposure Management (CREM) solution has highlighted the critical role that timely…
In a sophisticated onslaught targeting the open-source ecosystem, reports have emerged detailing several malicious npm…
A glaring vulnerability has come to light within Samsung's One UI interface: the clipboard history…
A new malware named "RustoBot" has been discovered exploiting vulnerabilities in various router models to…
Researchers have uncovered a sophisticated new variant of the notorious Lumma InfoStealer malware, employing advanced…