A new ransomware called CryCryptor is aimed at Canadian Android users. It is distributed through multiple websites and presented as a government-supported COVID-19 tracking app.
According to a study published by ESET on June 24, CryCryptor appeared shortly after the Canadian government announced a COVID-19 tracking application that uses information voluntarily provided by citizens.
Once the victim installs the fake application, the ransomware encrypts all of their files and leaves a “read me” note with the attacker’s email instead of blocking the device. For this particular type of attack, the rescue instructions appear to be distributed only via email.
An open source ransomware
The code for this ransomware is based on an open source project that is available through GitHub. Experts reject claims that this ransomware “project” is for research purposes:
“The developers of this open source ransomware, which they called CryDroid, must have known that the code was used for malicious purposes. When they tried to disguise the project as an investigation, they stated that the code was uploaded to the VirusTotal service. It is clear who uploaded the sample. In fact, the code appeared in VirusTotal on the same day the code was published on GitHub.”
ESET analysts recently developed a decryption tool for Android that is said to help CryCryptor victims. They make it clear that it only works with the current version of the ransomware.
On April 28, Cointelegraph reported that a cybercriminal pretended to be the FBI to rob users of Android devices.
At the beginning of this year, a study published by the Colombian Chamber of Information Technology and Telecommunications found that 89% of malware on Android devices in the country contained code for cryptocurrency mining in 2019.