Fake COVID-19 Tracing App Found in Canada Having Ransomeware
It did not take criminals long to take advantage of Prime Minister Justin Trudeau's announcement in search of a fake Canadian COVID-19 tracing app with ransomware that Canada approved the COVID-19 tracing app for action.
According to security vendor ESET, it discovered two fake websites that were quickly created after the June 18 announcement of Canadian sites designed to be officially seen, a so-called official Android official COVID-19 tracing The app was allegedly endorsed by Health Canada. "Sites use a confirming domain and usually lack specific spelling mistakes, making it easier to monitor intelligently," ESET said in a news release late Tuesday.
And while the application can be reassuring, it includes an Android ransomware named CryCaptor that encrypts files on the victim's smartphone. They are then told to email the attacker "to discuss recovery".
The ESET said that on Tuesday it informed the Canadian Center for Cyber Security, the federal department that advises the public and private sectors on protecting critical infrastructure.
Alexis Doris-Jonas, head of ESET's research and development team in Montreal, said in an interview this morning that the two sites - which were hosted in the Netherlands - were down until Tuesday afternoon. No other site is distributing fake apps so far.
A screen shot of the fake Canadian COVID app web site was taken below. In a statement this afternoon, the Canadian Center for Cyber Security has confirmed that two phone sites have been taken down while working with "a commercial partner".
The statement said, "During the global COVID-19 pandemic, CyberCenter has worked closely with industry partners and commercial and international cyber response teams to facilitate the removal of malicious websites, including government departments in Canada and Agencies have been rigged. "
“These efforts have resulted in the removal of a significant number of Canadian-themed fraud sites that were specifically designed for malicious cyber activity, such as phishing and malware delivery. "Canadians must exercise constant vigilance and awareness about fake and malicious web sites and applications related to COVID-19 who are attempting to steal money or personal information, including fake COVID-19 exposure notification applications."
This includes, the statement added, downloading applications only from the trusted App Store. Follow the cyber center on Twitter at https://twitter.com/cybercentre_ca and on its web site for the latest security alerts and updates on being cyber safe during the COVID-19 pandemic: www.cyber.gc.ca "Extra Caution Android Users of the device have been urged, "ESET's Doris-Jonas said," as the plan nears the real deal.
"Smartphone users should only download the app from trusted official sources such as Google Play or Apple Stores."
The Real Exposure notification app is to be released on July 2 in Ontario for beta testing. Governments around the world have launched the COVID-19 app. Started distributing, to help with manual contact tracing that criminals started releasing fake apps full of malware.
In March, Domain Tools discovered a site offering a real-time Android Coronavirus outbreak tracker. That allegedly contained statistical information about the spread of COVID-19. Instead, it dubbed Kodidock, a new strain of ransomware, that it forced a change in the password used to unlock the phone.
It did. It demanded $ 100 in bitcoin within 48 hours or the data would be erased. However, phones on Android 7 and above are protected from this attack. Fake COVID apps and fake websites are among the ways criminals have responded to the epidemic.
Governments and law enforcement have taken advantage of The agencies are trying to fight back. In early May, the Canadian Center for Cyber Security said it had taken over 1,500 COVID-19-themed fraudulent sites or email addresses aimed at Canadians since the beginning of the year.
Once governments started distributing COVID-19, aid funds for individuals and business criminals also followed with fake application websites. Doris-Jonas said the first indication of fake Canadian websites and apps came from a tip on Twitter two days ago.
He was not surprised at the move as hackers often exploit something in the news - in this case Trudeau's announcement - on which to base an attack campaign. (This story has been updated from the original, incorporating comments from Doris-Joncas of ESET and statements from CyberCenter.)
According to security vendor ESET, it discovered two fake websites that were quickly created after the June 18 announcement of Canadian sites designed to be officially seen, a so-called official Android official COVID-19 tracing The app was allegedly endorsed by Health Canada. "Sites use a confirming domain and usually lack specific spelling mistakes, making it easier to monitor intelligently," ESET said in a news release late Tuesday.
And while the application can be reassuring, it includes an Android ransomware named CryCaptor that encrypts files on the victim's smartphone. They are then told to email the attacker "to discuss recovery".
The ESET said that on Tuesday it informed the Canadian Center for Cyber Security, the federal department that advises the public and private sectors on protecting critical infrastructure.
Alexis Doris-Jonas, head of ESET's research and development team in Montreal, said in an interview this morning that the two sites - which were hosted in the Netherlands - were down until Tuesday afternoon. No other site is distributing fake apps so far.
A screen shot of the fake Canadian COVID app web site was taken below. In a statement this afternoon, the Canadian Center for Cyber Security has confirmed that two phone sites have been taken down while working with "a commercial partner".
The statement said, "During the global COVID-19 pandemic, CyberCenter has worked closely with industry partners and commercial and international cyber response teams to facilitate the removal of malicious websites, including government departments in Canada and Agencies have been rigged. "
“These efforts have resulted in the removal of a significant number of Canadian-themed fraud sites that were specifically designed for malicious cyber activity, such as phishing and malware delivery. "Canadians must exercise constant vigilance and awareness about fake and malicious web sites and applications related to COVID-19 who are attempting to steal money or personal information, including fake COVID-19 exposure notification applications."
This includes, the statement added, downloading applications only from the trusted App Store. Follow the cyber center on Twitter at https://twitter.com/cybercentre_ca and on its web site for the latest security alerts and updates on being cyber safe during the COVID-19 pandemic: www.cyber.gc.ca "Extra Caution Android Users of the device have been urged, "ESET's Doris-Jonas said," as the plan nears the real deal.
"Smartphone users should only download the app from trusted official sources such as Google Play or Apple Stores."
The Real Exposure notification app is to be released on July 2 in Ontario for beta testing. Governments around the world have launched the COVID-19 app. Started distributing, to help with manual contact tracing that criminals started releasing fake apps full of malware.
In March, Domain Tools discovered a site offering a real-time Android Coronavirus outbreak tracker. That allegedly contained statistical information about the spread of COVID-19. Instead, it dubbed Kodidock, a new strain of ransomware, that it forced a change in the password used to unlock the phone.
It did. It demanded $ 100 in bitcoin within 48 hours or the data would be erased. However, phones on Android 7 and above are protected from this attack. Fake COVID apps and fake websites are among the ways criminals have responded to the epidemic.
Governments and law enforcement have taken advantage of The agencies are trying to fight back. In early May, the Canadian Center for Cyber Security said it had taken over 1,500 COVID-19-themed fraudulent sites or email addresses aimed at Canadians since the beginning of the year.
Once governments started distributing COVID-19, aid funds for individuals and business criminals also followed with fake application websites. Doris-Jonas said the first indication of fake Canadian websites and apps came from a tip on Twitter two days ago.
He was not surprised at the move as hackers often exploit something in the news - in this case Trudeau's announcement - on which to base an attack campaign. (This story has been updated from the original, incorporating comments from Doris-Joncas of ESET and statements from CyberCenter.)
No comments