ESET researchers spotted a tweet announcing the discovery of what was originally thought to be new Android banking malware and, investigating further, identified a ransomware operation aimed at Android users in Canada.
Using two COVID-19-themed websites, the cybercriminals behind the malware persuaded users to download an app that appeared to be the official COVID-19 contact tracing app but was in fact ransomware.
Both websites are currently down. ESET researchers have developed a decryption tool (decryptor) for victims of CryCryptor, which relies on a bug in the malware.
"CryCryptor malware contains a bug in its code that allows any application installed on the 'infected' device to activate any service provided by the application containing the bug. So we created an application that activates the CryCryptor decryption process," explained Lukáš Štefanko, who conducted the research.
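The kind of exposure described in the quote, a service that any other installed app can start, can be audited from an app's manifest. The Python check below is an added example, not ESET's decryptor or CryCryptor's code; it assumes the exposure comes from services exported without a permission (the page gives no manifest details) and a decoded, text-form AndroidManifest.xml. The sample manifest and all names in it are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest; package and class names are hypothetical.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <application>
    <service android:name=".WorkerService" android:exported="true"/>
    <service android:name=".SyncService">
      <intent-filter><action android:name="com.example.sample.SYNC"/></intent-filter>
    </service>
    <service android:name=".GuardedService" android:exported="true"
             android:permission="com.example.sample.permission.BIND"/>
    <service android:name=".InternalService" android:exported="false"/>
    <service android:name=".PlainService"/>
  </application>
</manifest>
"""

def externally_startable_services(manifest_xml):
    """Return (service name, reason) for services any installed app can start."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    findings = []
    for svc in app.findall("service"):
        exported = svc.get(A + "exported")
        # A service-level permission takes precedence over the application-level one.
        permission = svc.get(A + "permission") or app.get(A + "permission")
        if exported == "true":
            reason = 'android:exported="true"'
        elif exported is None and svc.find("intent-filter") is not None:
            # Before Android 12, an intent filter implied exported=true.
            reason = "intent-filter without explicit android:exported"
        else:
            continue  # explicitly private, or no filter and no export flag
        if permission is None:
            findings.append((svc.get(A + "name", "<unnamed>"), reason))
    return findings

if __name__ == "__main__":
    for name, reason in externally_startable_services(SAMPLE_MANIFEST):
        print(f"{name}: startable by any installed app ({reason}, no permission)")
```

A service that carries a permission is skipped here, but that permission only restricts callers if its protection level is stricter than `normal`, so guarded services still deserve a manual look.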
The launch of the ransomware operation coincided with the announcement by the Government of Canada that it would support the development of a national, voluntary coronavirus tracing application called COVID Alert.
"It is clear that the operation that uses CryCryptor was designed to take advantage of the official COVID-19 tracing application," Štefanko comments.
With the websites shut down, security solution providers informed, and a free decryptor available, this application is no longer a threat. However, this applies only to a specific version of ransomware from the CryCryptor family.
The CryCryptor family is based on open-source code. "We have notified GitHub, which hosts the code, but they do not have a strong history of dealing with malicious projects," comments Štefanko.
ESET products protect against ransomware of the CryCryptor family, which they detect as Android/CryCryptor.A.
"Apart from using a quality mobile security solution, we advise Android users to install applications only from reliable sources, such as the official Google Play store," concludes the ESET researcher.
For more information, read the relevant blog post "New ransomware uses COVID-19 tracing guise to target Canada; ESET offers decryptor" at WeLiveSecurity.