Global  

Hackers target Canadians with fake COVID-19 contact-tracing app disguised as official government software

National Post Wednesday, 24 June 2020 ()
Malicious computer ransomware specifically targeting Canadians was embedded in a fake COVID-19 contact-tracing app disguised as official government of Canada software.

The bogus application for mobile phones was advertised as Health Canada-approved and cleverly distributed through coronavirus-themed websites that look remarkably like formal government of Canada sites.

The malware was compiled the same day Prime Minister Justin Trudeau announced a nationwide contact-tracing phone app that will alert a user if they have come into contact with someone who tests positive for COVID-19, according to ESET, a computer security firm that discovered the malware’s purpose.

Downloading the bogus app activates a hidden program called CryCryptor that hijacks the user’s data and holds it for ransom. The hackers demand payment for releasing the private data files.

“Once the user falls victim to CryCryptor, the ransomware encrypts the files on the device — all the most common types of files — but instead of locking the device, it leaves a ‘readme’ file with the attacker’s email in every directory with encrypted files,” said Lukáš Štefanko, an ESET malware researcher.

The company alerted the Canadian Centre for Cyber Security, a government computer security agency that is part of the Communications Security Establishment, on Tuesday, ESET said.

The fake government websites distributing the app went offline shortly afterwards. They remained offline on Wednesday.

Meanwhile, ESET researchers also managed to crack the malicious app’s code and wrote a decryption tool that can rescue victims’ data.

“Clearly, the operation using CryCryptor was designed to piggyback on the official COVID-19 tracing app,” said Štefanko.

Hackers prepared the source code for the malicious program on June 11. The next day, a web site was registered using a .ca domain, the internet country code for Canada, according to Štefanko.

· How contact tracing apps are tracking COVID-19 infection
· Opt in or opt out? Officials face difficult ethical decision over COVID-19 contact tracing apps

On June 18, at a televised media briefing, Trudeau announced an official, nationwide contact-tracing app was in the works and encouraged all Canadians with a smartphone to download it to help officials slow the spread of the novel coronavirus.

“People can be confident that this is an easy measure that they can have to continue to keep us all safe as we reopen,” Trudeau said. “The app will be most effective when as many people as possible have it.”

The public announcement seems to have spurred the hackers into action. A second official-looking website pushing the app was registered June 21.

“Let’s work together to stay safe,” the bogus sites declare above Health Canada and government of Canada logos. “The more Canadians who voluntarily download and use the app, the safer we’ll be, and the faster we can reopen the economy,” the site says, mimicking the message outlined by Canadian officials. The sites use convincing domain names and avoid the obvious grammar and spelling mistakes often found on fraud sites that make it easier to spot a dodgy site.

“This scheme looks close to the real deal,” said Alexis Dorais-Joncas, head of ESET’s Montreal-based research and development team.

The app was only for phones using the Android mobile operating system, the most widely used phone software system.

ESET researchers in Slovakia discovered the dangerous purpose behind the malicious apps after it was first flagged as a banking app.

The real government-approved COVID contact-tracing app is not yet available. The official app will be released in Ontario first and then rolled out across Canada.

With the bogus sites down, security companies aware of it and a decryption solution available, this specific app no longer poses a threat, ESET said.

Other malevolent apps based on the CryCryptor code could be produced and released in the future.

The Communications Security Establishment did not respond to requests for comment prior to deadline.

• Email: [email protected] | Twitter: AD_Humphreys
0
shares
ShareTweetSavePostSend
 

Related videos from verified sources

Social distancing compromised at large-scale government work program in India [Video]

Social distancing compromised at large-scale government work program in India

A major government work scheme in India has been questioned for their ability to maintain social distancing for the thousands of labourers it employs. Work under the Mahatma Gandhi National Rural..

Credit: Newsflare     Duration: 01:34Published
Covid-19 tracing app unlikely to be available until after June 1 [Video]

Covid-19 tracing app unlikely to be available until after June 1

Downing Street confirmed that the track and tracing app will be rolled out “in the coming weeks” – after human contact tracing, which will be in place by June 1. The Prime Minister’s official..

Credit: PA - Press Association STUDIO     Duration: 01:07Published
Sadiq Khan wants London to be first to introduce track and trace [Video]

Sadiq Khan wants London to be first to introduce track and trace

London Mayor Sadiq Khan has urged ministers to introduce a new contact tracing and testing regime in the capital ahead of other parts of the country. “I know that in London the R number is down. I..

Credit: PA - Press Association STUDIO     Duration: 01:44Published

Tweets about this

C_Panourgias

Christine Panourgias💻 RT @webhivehosting: Hackers target Canadians with fake COVID-19 contact-tracing app disguised as official government software! #Covid #Secu… 8 hours ago

Chang_ElisaTY

Elisa Ting-Yi Chang RT @cyberpolicyx: Cybercriminals are getting smarter - hijacking government policy announcements with ransomware. Canada will need to take… 1 day ago

cyberpolicyx

Cybersecure Policy Exchange Cybercriminals are getting smarter - hijacking government policy announcements with ransomware. Canada will need to… https://t.co/dHCoMzNbnP 1 day ago

KermodeE

Kermode Education RT @MediaSmarts: The bogus application for mobile phones was advertised as Health Canada-approved and cleverly distributed through coronavi… 3 days ago

webhivehosting

Web Hive Hackers target Canadians with fake COVID-19 contact-tracing app disguised as official government software! #Covid… https://t.co/3Z0EgP2BYw 3 days ago

MIGS_AI

AI and Global Stability Initiative In Canada, a fake contact-tracing app, masquerading as the official version now being rolled out nationwide, is tar… https://t.co/krT3w6k90K 4 days ago

swfleischman

Steve Fleischman Hackers target Canadians with fake COVID-19 contact-tracing app disguised as official government software https://t.co/RjSjKJx0vY 4 days ago

underlabs

underlabs ⚠️ Beware of #Fake Covid-19 Tracing Apps. #Canada https://t.co/ykAbBjjCMy 4 days ago