HOMETHREATSCovidLock
APT / THREAT GROUP

CovidLock

1
aliases

Intelligence Profile

Mobile ransomware. The Zscaler ThreatLabZ team recently came across a URL named hxxp://coronavirusapp[.]site/mobile.html, which portrays itself as a download site for an Android app that tracks the coronavirus spread across the globe. In reality, the app is Android ransomware, which locks out the victim and asks for ransom to unlock the device.

The app portrays itself as a Coronavirus Tracker. As soon as it starts running, it asks the user for several authorizations, including admin rights.

In fact, this ransomware does not encrypt nor steal anything and only lock the device with an hard coded code.

Threat Analysis

CovidLock is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases1

Also Known As

CovidLock

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
CovidLock — APT / Threat Group | Threat Intelligence | CTIWATCH.COM