Coronavirus Scam Targets Phone Users with An Android App for Sextortion

In these trying times, when the world is under a global threat from Coronavirus, and its strain COVID-19, cybercrooks see an opportunity for profit. While most people do their best to survive the pandemic, these malicious individuals exploit the situation for their benefit.

There have already been countless websites crafted to offer Coronavirus-related information that ultimately turn out to be malware-ridden shams. Cyber attackers turn to every trick that they think may lead to profit – corrupted links and sites, bogus apps, fake maps. Their lust for personal gain knows no bounds.

One of the latest scams created by cybercrooks centers on a deceitful Android application. The app was made to bait unwitting users into inviting malware onto their devices.

There's a website that promotes the app as useful, and it makes several bold claims. It touts the app as a helpful 'Coronavirus Tracker' tool. The landing page greets you with 'Track Real-Time Coronavirus Outbreak in your Street, City, and State.' That's not the only promise it makes. It also claims that if you trust it, you can 'Get Real-Time Statistics about Coronavirus outbreaks around you in over 100 countries.' Do NOT fall for these falsehoods! The malicious cybercrooks behind the site and the app spin webs of deceit, hoping you'll fall for them so that they can prey on you. Don't let their endeavor prove successful.


The landing page of the sham site promising lies. Source: nakedsecurity.sophos.com

The cybercriminals behind the app gave it the name COVID 19 TRACKER. They put effort into the facade of their deception by crafting a seemingly believable logo for their scam.


The icon of the COVID 19 TRACKER app. Source: nakedsecurity.sophos.com

To lend credibility to their bogus app, the people behind it had it jam-packed with 'certifications.' Each one of them is fake. As you can see in the image below, they claim legitimacy by invoking the US Department of Education, the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).


The landing page of the website, alongside the Download section with all the 'certifications.' Source: nakedsecurity.sophos.com

As the image above clearly shows, you can download the app from the sham website itself. You cannot find it on Google Play. The cybercriminals behind the trickery provide you with a [DOWNLOAD APK] button, which you can use to get the application they're pushing as legitimate. It's not, and you shouldn't. Don't fall for the deception. There aren't enough ways to stress that – you're dealing with scammers pushing a scam.

What to expect once the bogus app lands on your device?

Once you get the sham application and run it, it immediately begins to ask for a variety of permissions. A slew of demands follows, and that should be your first red flag.

The app seeks approval to keep itself running in the background, as well as to have lock screen access, and to use Android's accessibility features. It warns you that it may drain your battery but still refuses to run unless you grant its request. Once you click its 'SCAN' button, it promises to provide you with the latest updates regarding Coronavirus, as well as clue you in if you're near someone who has been affected by COVID-19. That's how the app justifies its need for lock screen access. Supposedly, that allows it to send you instantaneous warnings, or as its marketing puts it: 'instant alert when a coronavirus patient is near you.' That is a colossal lie, and you should not believe it. No app has the power to assess whether someone near you suffers from Coronavirus. That's a claim made by malicious money-hungry cybercriminals looking for ways to profit off of people's fear surrounding the pandemic.

Another red flag is the application's request for administrator rights. No legitimate, reliable app needs admin rights, and not a single trustworthy one would ask you to allow them. That's suspicious and should raise concerns.

If you are to grant admin rights to an application, that application tends to be one related to security. Most security apps need those rights to access your phone because they're looking out for the safety of your device. They sweep all your applications, links, content, all of it, and try to verify whether there's something malicious lurking, or if all's well. An app claiming to scan people around you to check if they have a dangerous viral infection hardly makes the list of apps worthy of such trust. The bogus COVID 19 TRACKER app does not deserve admin rights. Don't make the mistake of granting them.
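
One way to check an APK for the requests described above before installing it, as an added example that is not from the original article: it scans a decoded AndroidManifest.xml (text form, as produced by a tool such as apktool) for device-administrator, accessibility and battery-optimization markers. The sample manifest, its package and component names are constructed, and mapping "keep running in the background" to REQUEST_IGNORE_BATTERY_OPTIMIZATIONS is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (hypothetical names, not the real app's manifest).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <service android:name=".WatchService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Manifest markers for the requests the article lists as red flags.
USES_PERMISSION_FLAGS = {
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "background",
}
COMPONENT_FLAGS = {
    "android.permission.BIND_DEVICE_ADMIN": "device-admin",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility",
}

def red_flags(manifest_xml):
    """Return the sorted red-flag labels found in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for el in root.iter("uses-permission"):
        label = USES_PERMISSION_FLAGS.get(el.get(ANDROID_NS + "name"))
        if label:
            found.add(label)
    # Admin receivers and accessibility services are declared as components
    # guarded by a BIND_* permission, not as <uses-permission> entries.
    for tag in ("receiver", "service"):
        for el in root.iter(tag):
            label = COMPONENT_FLAGS.get(el.get(ANDROID_NS + "permission"))
            if label:
                found.add(label)
    return sorted(found)

def looks_like_locker(manifest_xml):
    """Heuristic: device admin and accessibility are both requested."""
    flags = red_flags(manifest_xml)
    return "device-admin" in flags and "accessibility" in flags
```

A hit is a reason to stop and investigate rather than proof of malice, since legitimate security apps also declare a device-admin receiver.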

The crooks behind the app use sextortion to blackmail you

The actual reason why the app needs so many permissions and requests is so that it can reach any nook and cranny of your phone unimpeded. Once it has access to your apps and, pretty much, everything you keep on your phone, the malware strikes.

The malicious software makes it impossible for you to use your phone. It wastes no time and quickly intrudes on your normal phone-related activities – making calls and texting, even using the camera. It establishes itself as a barrier between you and your device. It doesn't let you open your Settings and tinker there, thus ensuring you won't be able to remove it by taking away its permissions.

The application locks you out of your phone. Whatever app you try to open, you are greeted with a ransom demand.


The extortion message crafted by the cybercriminals. Source: nakedsecurity.sophos.com

As the image above shows, their statement is rather frightening. The crooks threaten to send every picture and video you ever took on your phone to every contact you keep on it. In the cybersecurity field, this technique of extortion is known as 'sextortion.' These unknown individuals lock your phone and demand payment to unlock it. To further incentivize you into paying, they lay out threats, as well as give you a deadline. In this case, your time runs out after 24 hours. Even if you don't have any compromising content on your phone, the thought of it getting sent to everyone on your contact list is scary. It's an atrocious privacy breach.

The ransom amount listed by the cyber extortionists is $250. Do NOT pay! Even if the requested amount were a single dollar, payment would still be ill-advised. Most cases of cyber extortion don't end with a best-case scenario. It's quite the opposite, as a lot of cybercriminals get your money and leave you hanging. They cease all communications with you, and don't bother sending the code they promised would unlock your device.

Even if you do get the numbers which they claim would free your phone from their grip, it might still prove futile. What if it doesn't work? They could have sent you the wrong numbers. You should also note that even if the exchange goes swimmingly – you pay, get the right unlocking numbers, and free your phone – you're not in the clear yet! The code these people promise you only gives you back control over your device. It does not remove the malicious software that stole it from you in the first place. If you choose to go along with the extortion, comply, and do get a code that works, don't delay the malicious application's deletion! As soon as you get the chance, get rid of COVID 19 TRACKER.

Stay vigilant! Looks can be deceiving

If you wish to avoid falling prey to such malicious cybercrooks, be on your guard. Keep a lookout for spelling and grammar mistakes, and for differences between logos and colors – a lot of spoofs of legitimate tools look slightly off from the actual thing they're copying. Look for the red flags that indicate something doesn't seem right. And, if you should come across something suspicious, don't disregard it, but do research. Check it out and verify it as valid. A little bit of research can save you quite a lot of issues in the future. Be wary, be vigilant, and be thorough. Also, needless to say, if the Android app you choose to trust and download doesn't come from the Google Play Store, that's your first red flag.

As stated, lots of malicious tools try to appear legitimate by ripping off the visuals from truly genuine apps. Naturally, the people behind the 'Coronavirus Tracker' tool did the same. As you can see below, they used the images from an application found on the Google Play Store, one which embodies their vision and carries a good rating as well.


On the left, you can see the copied content, and on the right – the original one from a Google Play app. Source: nakedsecurity.sophos.com

Appearances can be deceiving, so heed experts' advice and be attentive when you try to verify the credibility of claims made by apps, sites, and whatnot. Your future self will thank you for your caution.

March 31, 2020
