Fake COVID-19 tracking app spreads Punisher Ransomware

Fake COVID-19 tracking app spreads Punisher Ransomware

Remember when malicious actors were spreading nerdy RAT through fake WHO security emails about COVID-19? Well, if you think that threat actors and fraudsters have given up on covid-19 related scams, then you are wrong as Punisher ransomware is out there using fake COVID-19 tracking apps.

New scam on the block

Accessing reliable sources for COVID-related updates is just as important now as it was at the height of the pandemic. That’s because researchers at Cyble Research and Intelligence Labs (CRIL) have discovered a brand new variant of the Punisher ransomware being distributed through a fake COVID-19 tracking app available on a covid-19-theme-based website (covid19 digital health advicecl).

Fake COVID-19 tracking app spreads Punisher Ransomware
Punisher Ransomware ransom note

Attack analysis

Since this COVID-19 scams involve ransomware, the malicious activities start right after the malware infiltrates the system. It quickly adds data to ransom, including victims’ unique ID, system ID, BTC address, date of infection, and JavaScript codes.

After this is done, the timer is started to ensure that the ransom amount continues to increase as time passes. the ransom appears on the desktop, boot and start menus as a shortcut to a file titled “unlock files.ink”. Punisher encrypts the following data on the targeted device:

  1. Notifies user
  2. Download files
  3. Check Connection
  4. Generate password
  5. Generate SystemID
  6. Make connection

Who are the targets?

The attackers are targeting individuals in Chile in this campaign and for file decryption they demand $1000 in bitcoin. Researchers believe that the attackers are targeting individuals and not companies for this scam.

See also  Reached one million users and accelerated two million downloads

Their analysis is based on its modus operandi, the use of Punisher ransomware and the malware’s use of the symmetric AES-128 algorithm to encrypt data.

How to stay protected?

You must exercise caution when accessing or downloading any COVID-19-related apps or websites. Prefer to download applications from authentic sources. In addition, it is necessary to carry out regular backups, activate automatic updates and install the best anti-virus solutions. Also, avoid clicking on attachments in e-mails from unverified or unknown sources.

If you suspect that your device may be affected by the ransomware, immediately disconnect all other devices sharing the network and external storage (if any) and continue to monitor system logs for suspicious activity.

  1. Lessons from the COVID-19 cyber attack: Where do we go from here?
  2. Fed seizes scam domain claiming to provide COVID-19 vaccine
  3. Fake government COVID-19 tracking app spreads Android ransomware
  4. Ransomware attack on health tech firm disrupted COVID-19 trials
  5. Dark web scammers selling ventilators and MP3 files to kill the coronavirus

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *