This ransomware poses as a Covid-19 tracing app

News
By published

CryCryptor ransomware encrypts a victim's an entire smartphone

Phone malware
(Image credit: Shutterstock)

Security researchers at ESET have discovered a new ransomware called CryCryptor which has been posing has an official Canadian Covid-19 tracing app.

The ransomware emerged only a few days after the Canadian government announced its intention to back the development of a nation-wide, voluntary tracing app called COVID Alert that will be rolled out for testing in Ontario as soon as next month. 

CryCryptor is distributed from two websites that claim it is a Covid-19 tracing app when in reality it is just a new ransomware family. Once a user installs the fake app on their smartphone, the ransomware encrypts all of the files on their device but instead of locking it, CryCryptor leaves a “readme” file with the attacker's email in every directory alongside the encrypted files. Once all the target files have been encrypted, a notification is displayed on the device which reads “Personal files encrypted, see readme_now.txt”.

Thankfully though, after analyzing the app, ESET researchers discovered an “Improper Export of Android Components” bug that allowed them to create a decryption tool.

CryCryptor

By using a simple search based on the fake Covid-19 tracing app's package name and a few strings, ESET researchers discovered that the CryCryptor ransomware is based on open source code available on GitHub.

The developers behind the open source ransomware gave it the name CryDroid before uploading it to the developer platform. They also attempted to disguise the project as research by claiming they uploaded the code to VirusTotal. 

At this time, it is still unclear as to who uploaded CryDroid in the first place but the code appeared on VirusTotal the same day it was published on GitHub. In a blog post, ESET researchers explained that there is no way the project was designed for research purposes as “no responsible researcher would publicly release a tool that is easy to misuse for malicious purposes”.

For those who have accidentally fallen victim to CryCryptor, you can download ESET's Android decryption app though the security company warns that the app will only work for this version of the ransomware.

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Oracle
Oracle denies data breach after hacker claims to hold six million records
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
Latest in News
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
A phone showing a ChatGPT app error message
ChatGPT was down for many – here's what's happened
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
A woman sitting in a chair looking at a Windows 11 laptop
It looks like Microsoft might have thought better about banishing Copilot AI shortcut from Windows 11
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
US flags
US government IT contracts set to be centralized in new Trump order
More about security
Lock on Laptop Screen

Medusa ransomware is able to disable anti-malware tools, so be on your guard
hacker.jpeg

Key trusted Microsoft platform exploited to enable malware, experts warn
23andMe

23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
See more latest