Hackers target Canadians with fake COVID-19 contact-tracing app disguised as official government software
Wednesday, 24 June 2020
Malicious computer ransomware specifically targeting Canadians was embedded in a fake COVID-19 contact-tracing app disguised as official government of Canada software.
The bogus application for mobile phones was advertised as Health Canada-approved and cleverly distributed through coronavirus-themed websites that look remarkably like formal government of Canada sites.
The malware was compiled the same day Prime Minister Justin Trudeau announced a nationwide contact-tracing phone app that will alert a user if they have come into contact with someone who tests positive for COVID-19, according to ESET, a computer security firm that discovered the malware’s purpose.
Downloading the bogus app activates a hidden program called CryCryptor that hijacks the user’s data and holds it for ransom. The hackers demand payment for releasing the private data files.
“Once the user falls victim to CryCryptor, the ransomware encrypts the files on the device — all the most common types of files — but instead of locking the device, it leaves a ‘readme’ file with the attacker’s email in every directory with encrypted files,” said Lukáš Štefanko, an ESET malware researcher.
The company alerted the Canadian Centre for Cyber Security, a government computer security agency that is part of the Communications Security Establishment, on Tuesday, ESET said.
The fake government websites distributing the app went offline shortly afterwards. They remained offline on Wednesday.
Meanwhile, ESET researchers also managed to crack the malicious app’s code and wrote a decryption tool that can rescue victims’ data.
“Clearly, the operation using CryCryptor was designed to piggyback on the official COVID-19 tracing app,” said Štefanko.
Hackers prepared the source code for the malicious program on June 11. The next day, a website was registered using a .ca domain, the internet country code for Canada, according to Štefanko.
On June 18, at a televised media briefing, Trudeau announced an official, nationwide contact-tracing app was in the works and encouraged all Canadians with a smartphone to download it to help officials slow the spread of the novel coronavirus.
“People can be confident that this is an easy measure that they can have to continue to keep us all safe as we reopen,” Trudeau said. “The app will be most effective when as many people as possible have it.”
The public announcement seems to have spurred the hackers into action. A second official-looking website pushing the app was registered June 21.
“Let’s work together to stay safe,” the bogus sites declare above Health Canada and government of Canada logos. “The more Canadians who voluntarily download and use the app, the safer we’ll be, and the faster we can reopen the economy,” the site says, mimicking the message outlined by Canadian officials. The sites use convincing domain names and avoid the obvious grammar and spelling mistakes that often make fraud sites easy to spot.
“This scheme looks close to the real deal,” said Alexis Dorais-Joncas, head of ESET’s Montreal-based research and development team.
The app was only for phones using the Android mobile operating system, the most widely used phone software system.
ESET researchers in Slovakia discovered the dangerous purpose behind the malicious app after it was first flagged as a banking app.
The real government-approved COVID contact-tracing app is not yet available. The official app will be released in Ontario first and then rolled out across Canada.
With the bogus sites down, security companies aware of it and a decryption solution available, this specific app no longer poses a threat, ESET said.
Other malevolent apps based on the CryCryptor code could be produced and released in the future.
The Communications Security Establishment did not respond to requests for comment prior to deadline.
• Twitter: AD_Humphreys