Coronavirus Tracking App Named ‘CovidLock’ Taking Control of Smartphones to Demand Ransom


As if getting infected by the Coronavirus wasn’t a threat by itself, we now face the risk of our smartphones getting affected by COVID-19 as well. There is a malicious mobile virus on the loose that locks up your smartphone and demands a ransom from you to unlock your phone or risk losing data and have your personal social media information leaked online. The recently discovered ransomware, which has been dubbed “CovidLock”, infects Android phones by cashing in on the current Coronavirus panic online. Read on to know how it works and how you can avoid getting your phone infected with CovidLock.

CovidLock Smartphone Virus: How it Works

Currently, the Coronavirus scare has people constantly tuned in to news sources online to stay informed and up to date on the intensity of the outbreak. It can be tricky to find legitimate information regarding the spread of the virus in your city/area, and it is this gap in information that the app exploits, according to researchers from DomainTools. CovidLock promises you critical information regarding the virus and also a heat map of outbreaks near you. You eventually end up on a slick, legitimate-looking website, coronavirusapp[.]site (please do not visit this site), where you are encouraged to download the app, which promises to update you when new cases are detected in your vicinity. Given that most people are constantly looking for new information online regarding COVID-19, sometimes even the most cautious people could get tricked into downloading this.

Once downloaded, the malicious app immediately locks your phone and demands a payout of USD $100 worth of Bitcoin, to return access to you. It gives you a deadline of 48 hours and claims to have a GPS tag on you so you don’t “try anything funny”. The app claims that if you don’t pay up, it will delete all the data stored on your phone, including pictures, photos and contacts.

The CovidLock app is ineffective if your phone runs Android Nougat and later versions of Android AND you have a screen lock in place. It will affect your device if you don’t use any password or PIN to lock your phone.

CovidLock Ransomware: How to Remove It

The good news is that DomainTools, the cybersecurity research company that discovered CovidLock, have already reverse engineered the ransomware code and come up with a key to disable it, and will have the key online on its site for people to use. It is critical to note that the app only works if you don’t use any security lock on your phone. And since most people do have some lock screen or PIN in place, it should only affect a small percentage of Android users.

In conclusion, as long as you are wary of where you get your information from, you should be fine. Scammers are good at what they do, and can easily make their websites look realistic by including certification from the World Health Organization(WHO) and other important organizations, to appear legitimate. The solution is to stick to a couple of sources for your information — maybe a government website or the WHO website itself. Stay safe, mad lads!