Fake COVID-19 tracing app with ransomware discovered

By Thomas I. Likness
EBC Edmonton Bureau

EDMONTON (Eagle News) — Scammers never sleep and their latest target is Canada’s COVID-19 tracing app, a cybersecurity company said Wednesday.

ESET said two fake websites that look like official Canadian government sites advertised an official COVID-19 tracing app allegedly endorsed by Health Canada.

The sites contained computer ransomware, known as CryCryptor, in the fake app.

The bogus sites popped up just days after last Thursday’s announcement by Prime Minister Justin Trudeau that the government had a nationwide contact tracing app. The official app will be rolled out for testing in the province of Ontario as soon as next month.

“Clearly, the operation using CryCryptor was designed to piggyback on the official COVID-19 tracing app,” said Lukas Stefanko, in an ESET company release.

The ransomware encrypts personal files on the victims’ smartphones. They are then told to email the attacker to discuss recovery.
Both fake website have been taken down according to ESET and the ransomware is no longer a threat.

“CryCryptor contains a bug in its code that allows any app installed on the affected device to launch any service provided by the buggy app, said Stefanko. “So, we created an app that launches the decrypting functionality built into CryCryptor.”

(Eagle News Service)