Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Data Breach
  • New CryCryptor Ransomware Masqueraded as COVID-19 Tracing App
  • Data Breach
  • Malware

New CryCryptor Ransomware Masqueraded as COVID-19 Tracing App

6 years ago David Bisson
New CryCryptor Ransomware Masqueraded as COVID-19 Tracing App

Security researchers came across a new ransomware family called “CryCryptor” that masqueraded as a Canadian COVID-19 tracing app.

CryCryptor emerged just days after the Canadian government announced it would support the development of a national, voluntary tracing app for COVID-19 called “COVID Alert.”

That official app had not yet entered its testing phase in Ontario at the time of this writing.

ESET analyzed CryCryptor and found that the threat was based on CryDroid, a form of “Android Ransomware source code for researchers” which was available on GitHub.

As if educational ransomware strains have ever worked out before.

In this particular case, CryCryptor capitalized on successful installation by requesting the permission to access files on the infected device. It then abused that right to encrypt files on external media with certain extensions using AES. This process led the ransomware to append “.enc” to each file it had affected as well as to generate a unique salt (ending in “enc.salt”) along with an initialization vector (“enc.iv”) for each encrypted file.

Meanwhile, the crypto-malware removed the original file from the infected computer. It’s then that the threat displayed its ransom note.

File encryption notification (left) and contents of the readme_now.txt file (right). (Source: ESET)

Fortunately, the Slovakian security firm was able to develop a decryption tool that enabled victims of CryCryptor to recover their files for free. ESET’s researchers described how they were able to do this:

The service responsible for file decryption in CryCryptor has the encryption key stored in shared preferences, meaning it doesn’t have to contact any C&C to retrieve it. Importantly, the service is exported without any restriction in the Android Manifest (security weakness CWE-926), which means it is possible to launch it externally.

ESET explained that it notified Canadian Centre for Cyber Security about the ransomware threat as soon as it discovered it. It also notified GitHub about the risks involving CryDroid.

The post ” New CryCryptor Ransomware Masqueraded as COVID-19 Tracing App” appeared first on TripWire

Source:TripWire – David Bisson

Tags: Android, COVID-19, Encryption, Malware, Ransomware, TripWire

Continue Reading

Previous State of Insider Data Breaches in 2020
Next Experts Denounce Racial Bias of Crime-Predictive Facial-Recognition AI

More Stories

  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

12 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

14 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

16 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help

17 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

Why Agentic AI Is Security’s Next Blind Spot

18 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

20 hours ago [email protected] (The Hacker News)

Recent Posts

  • New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
  • RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
  • New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
  • Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help
  • Why Agentic AI Is Security’s Next Blind Spot

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT