Dubai, UAE – Acting on a tweet announcing the discovery of what was thought to be Android banking malware, ESET researchers uncovered a ransomware operation targeting Android users in Canada. Using two COVID-19-themed websites, the attackers behind the operation lured people into downloading a ransomware app disguised as an official COVID-19 tracing tool. Both websites are now down. ESET researchers wrote a decryption tool for CryCryptor’s victims, based on a bug in the malicious app.
“CryCryptor contains a bug in its code that allows any app installed on the affected device to launch any service provided by the buggy app. So we created an app that launches the decrypting functionality built into CryCryptor,” explains Lukáš Štefanko, who conducted the research.
The targeting of the ransomware operation, including its timing, coincides with the announcement by the Canadian government of the intention to back the development of a nationwide, voluntary tracing app to be called COVID Alert.
“Clearly, the operation using CryCryptor was designed to piggyback on the official COVID-19 tracing app,” comments Štefanko.
With the malicious websites down, security vendors aware and the decryptor available, this app no longer poses a threat. However, this is true only for the one particular version of CryCryptor.
CryCryptor is based on open-source code. “We notified GitHub, where the code is hosted, but they don’t have an excellent track record in taking down malicious projects,” comments Štefanko.
ESET products provide protection against the CryCryptor ransomware, detecting it as Android/CryCryptor.A.
“Besides using a quality mobile security solution, we advise Android users to install apps only from reputable sources such as the Google Play store,” concludes ESET’s Štefanko.
For more details, read the blog post “New ransomware uses COVID-19 tracing guise to target Canada; ESET offers decryptor” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.
© Press Release 2020