As reported by DomainTools, the Android app in question poses as a tool for tracking the spread of coronavirus but carries ransomware called CovidLock.
It looks pretty legit and tricks the user into giving accessibility and lock screen permissions, which ultimately leads to the phone being compromised and locked.
Essentially, the ransomware encrypts the entire thing, locking the user out of their own device.
After locking, CovidLock seeks $100 in ransom
Once the ransomware locks the phone, it asks for a decryption code and shows a message telling the phone owner to pay $100 in Bitcoin.
The message - presumably from the criminals behind the malicious app - notes that failing to make the payment within 48 hours would lead to the deletion of all the content on the phone, starting from contacts/messages to pictures/videos.
Android Nougat offers protection against this attack
While the attack is scary, the researchers at DomainTools note that Android Nougat offers protection against the ransomware hack.
However, in order to use that to your advantage, you need to have password protection enabled on your phone.
If that is not the case, the ransomware-laced app would be able to encrypt your device and all its data.
Hackers often use fear to drive profits, DomainTools emphasized
"Cybercriminals like to exploit people. They use dramatic events that cause people to be emotional or fearful to drive their profits. Any time there are major news cycles happening on a topic that stirs a strong reaction, cybercriminals will not be far behind."
How to avoid being attacked?
The malicious Android app appears to be spreading through a legitimate-looking 'coronavirus tracker' website.
It is not available on the Play Store, given that Google has already blocked most app searches related to coronavirus and COVID-19 on the marketplace.
Now, this means downloading well-rated, government-authorized health apps from the Play Store could be the key to dodge this ransomware attack.