CovidLock is the latest malware doing the rounds as cyber criminals prey on coronavirus fears, warns Associate Professor Paul Haskell-Dowland, Associate Dean for Computing and Security at Edith Cowan University’s School of Science. However, he says there are simple ways to protect yourself. Read on to learn more:
“Just as the public are getting to grips with the Coronavirus fallout, cyber criminals are taking advantage of the wave of fear. This isn’t a new technique, and certainly will not be the last time that major events, incidents and emergencies are misused by those with a desire to profit.
The most recent example (named CovidLock) has targeted the Android operating system with a dedicated ransomware attack. Users are tricked into installing a tool to track the Coronavirus’ spread across the globe. This application purports to offer users a mechanism to visualise outbreaks and track statistics, but in reality, conceals ransomware that locks the user out of their device.
Ransomware is a particularly dangerous form of malicious software (malware). In most cases, ransomware locks a user out of their files by encrypting them with a secret password that is only returned to the user once they pay the ransom (usually paid with bitcoin).
CovidLock follows this model by demanding $100 in bitcoin to unlock the device, although, at present, it seems that the users’ files are not actually encrypted (made inaccessible). Instead it is the pin code for the device itself that is manipulated. Using a ‘screen lock attack’ is an interesting approach that differs from the more usual ransomware approach of encrypting files. Users failing to pay the ransom will allegedly have their data wiped with further threats that their social media accounts will be made public.
The CovidLock example has the potential to be particularly successful as it plays on the victims’ concerns regarding Coronavirus. The app claims to notify the user when they are in close proximity to an infected person. It is understandable why this may be a desirable feature at a time when fear over exposure is growing. Fortunately it seems that this particular approach has not yet secured significant returns for the criminals . It is, however, likely that this will change over time.
It isn’t just malware that is targeting users. There are traditional scams that prey on a desire for information or products in relation to the outbreak. With thousands of websites having been registered this year, the UK National Fraud Intelligence Bureau (NFIB) has collected evidence of scams and crimes exceeding $1.5m so far this year.
As with most cyber incidents, users can effectively defend themselves with simple measures:
By using approved sources for apps, users can protect themselves against many threats. For Android devices, the Google Play Store offers a level of reassurance against malware (although not complete immunity). Users who install unauthorised software from websites or other stores are likely to face greater risks.
Thinking about the permissions being granted to apps is also important. CovidLock can only successfully lock the device when granted certain permissions (specifically access to the lock screen).
Thinking twice about ‘too-good-to-be-true’ opportunities – it is clearly impossible for an app to know if you are in proximity of an infected individual. The required data is not available to offer such services to the public. Even if it was possible, it would be a significant breach of privacy and would represent a major threat to personal safety.
Cyber criminals are no different to those committing crimes in the physical world. The Coronavirus outbreak is merely a business opportunity for those motivated to exploit weaknesses. Just as we are directed to follow social-distancing and good personal hygiene to combat infection; it is through education and cyber-hygiene that users can avoid compromise.”
About the author: Associate Professor Paul Haskell-Dowland is the Associate Dean for Computing and Security in the School of Science at Edith Cowan University.
For more stories like this: