Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Threat Management, Malware, Ransomware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

‘About Coronavirus’ app locks Android screens with repackaged malware

An existing version of the Android device screen-locking malware SLocker has apparently been copied and repackaged in the form of a mobile coronavirus app, in hopes of drawing in victims and encouraging downloads from third-party marketplace sites.

Researchers at Bitdefender found the malicious app, which has been targeting users in Ukraine, Russia, Kazakhstan, Turkmenistan and and parts of India and North Africa.

The Uzbek-language app, called "Koronavirus haqida" or "About Coronavirus," confounds its victims by locking the screen, prohibiting access and demanding a ransom payment to restore proper functionality. A ransom note says victims only have 20 minutes to pay before the phone is rendered unusable, but the threat is empty. However, the malware does require some effort to eradicate -- it survives a reboot and must be removed via the Android Debug Bridge or Safe Mode.

The ransom note instructs the victim to call a phone number to make a payment and then receive the code to unlock the phone. Strangely, the code, which is hard-coded into SLocker, is the same as the phone number itself, just without the "+" sign.

Back in March, researchers at DomainTools reported a similar scam that infected users with a screen locker by disguising it as an app that supposedly offered statistics on the COVID-19 pandemic and a heat map of outbreak hotspots. According to DomainTools, the malware in that case, dubbed CovidLock, was a newly discovered program, while in this instance, the malware seems to merely be a redressed version of SLocker.

"Users with a voracious appetite consume everything that's coronavirus-related, and in this case, the app would lock the screen of the phone, prompting people to pay for a code to return the control of their device," explains a Bitdefender company blog post by analyst Silviu Stahie and researcher Adina Mateescu. "While it's not as damaging as ransomware, the average user will have a hard time distinguishing between threats, as the result is the same, and that’s getting locked out of your device."

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.