An existing version of the Android device screen-locking malware SLocker has apparently been copied and repackaged in the form of a mobile coronavirus app, in hopes of drawing in victims and encouraging downloads from third-party marketplace sites.

Researchers at Bitdefender found the malicious app, which has been targeting users in Ukraine, Russia, Kazakhstan, Turkmenistan and and parts of India and North Africa.

The Uzbek-language app, called "Koronavirus haqida" or "About Coronavirus," confounds its victims by locking the screen, prohibiting access and demanding a ransom payment to restore proper functionality. A ransom note says victims only have 20 minutes to pay before the phone is rendered unusable, but the threat is empty. However, the malware does require some effort to eradicate -- it survives a reboot and must be removed via the Android Debug Bridge or Safe Mode.

Please register to continue.

Already registered? Log in.

Create Free Account Log in to Existing Account

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.

Topics:

Cybercrime Malware Mobile Ransomware