A fake COVID-19 contact tracing app posing as an official application from the government is targeting Canadians with malicious ransomware.
The National Post reports that the fake app was advertised as being approved by Health Canada, and was distributed through false websites that looked like legitimate government platforms.
The fake app was created the day Prime Minister Justin Trudeau announced that the government was launching an official nationwide contact tracing app.
A computer security firm called ESET found the app and notified the Canadian Centre for Cyber Security. The fake government websites that were distributing the app went offline afterwards.
Once the fake app is downloaded, it activates a program call ‘CryCyptor.’ This program then hijacks the user’s data, after which Hackers demand payment in order to release the private files.
“Once the user falls victim to CryCryptor, the ransomware encrypts the files on the device, all the most common types of files, but instead of locking the device, it leaves a ‘readme’ file with the attacker’s email in every directory with encrypted files,” a researcher at the firm told The National Post.
The firm was able to crack the app’s code and created a decryption tool that can be used to retrieve victims’ information and files.
Researchers at the firm say the app was designed to piggyback off the official COVID-19 contact tracing app. The hackers prepared the source code on June 11th, and registered a domain for a .ca website.
As we get closer to the official launch of a nationwide contact tracing app, we’ll likely see more malicious copycats, similar to how we saw hackers trying to exploit Canadians applying for the CERB aid. It’s a reminder only to get information from official government websites and to be cautious when downloading apps and other software.
Source: The National Post