Another ransomware, named ‘CryCryptor’, is now targeting Canadian Android users. It has been distributed via several websites that pose as portals for a government-backed COVID-19 tracking application.
According to research published by ESET on 24th June, CryCryptor appeared shortly after Canada’s government revealed a Coronavirus tracking application that relies on information voluntarily submitted by citizens.
Once the victim installs the illicit application, the ransomware encrypts all files, leaving a “readme” note with the attacker’s email rather than locking the device. For this particular attack, ransom instructions appear to only be distributed via email.
Ransomware Project On GitHub For Research Purposes…Really?
The ransomware’s code is based on an open source project that is available on GitHub. Experts dismiss the claim that this ransomware “project” is for research purposes:
“The developers of the open source ransomware, who named it CryDroid, must have known the code would be employed for several malicious purposes. In an effort to disguise the project as research, they claim they uploaded the code to the VirusTotal service. While it’s unclear who uploaded the sample, it indeed appeared on VirusTotal the very same day the code was uploaded on GitHub.”
ESET analysts recently created an Android decryption application for victims of CryCryptor. They note that it works only with the current version.
As reported earlier on 28th April, cybercriminals are posing as the FBI in an attempt to defraud Android users.
Also earlier this year, another study from the Colombian Chamber of Informatics & Telecommunications reported that in 2019 alone, 89% of malware on Android within the country included code for crypto-mining.