Coronavirus-Related Malware Crops Up & How To Unlock Your Phone


Users concerned about the spread of coronavirus will want to be on the lookout for a new piece of unlock-code-changing malware that claims to track the virus's spread. Dubbed CovidLock by researchers at DomainTools, the malware stems from the domain coronavirusapp[.]site. Users are prompted to download the malicious app for real-time COVID-19 tracking.

Once downloaded, the application requests permissions and acts to eventually enact a device password change. Specifically, that's the password required to unlock the smartphone. Then, the malware presents users with a ransom note rather than their typical lock screen. The note demands users to send $100 in bitcoin while clicking through the associated link to do so will request an additional $150.

If users don't pay up, the threat claims, personal data including pictures, videos, and social media accounts will be leaked publicly. Finally, the ransom tells users their location is being tracked and that if they "try anything stupid" their phone's data will be erased.


Why is CovidLock a real threat to Android users?

As shown in the steps below, CovidLock presently doesn't represent much of a threat to users in its current state. It could also evolve or be changed in the future to act more maliciously or to be more difficult to overcome. The real threat of this malware is that it feeds off of users' concerns coronavirus and then builds from that by making it impossible to unlock their smartphone.

Right now, there are plenty of myths and misconceptions surfacing about coronavirus and associated COVID-19. While many of those are easily debunked, the widespread panic has given rise to plenty of misinformed apps. Those have since been removed from the Google Play Store. But Google has no control over apps published to sites outside of its primary market for Android.

Since users are spending more time researching the virus, bad actors are focusing their efforts there. This app is particularly threatening to users because it claims, falsely, that it can help track the spread of associated illnesses. That's something that simply isn't possible with any accuracy since testing kits are in short supply.


In effect, the app leads users based on relevant fears. And then it locks down their device with no evidence that paying off the attacker will actually solve anything.

If you've been affected by this malware, here's how to unlock your phone

This malware only works on devices that are still running Android 7.0 Nougat or older variants of the OS. For newer handsets, the malware only works if no lock screen password has been set up.

For anybody who happens to have fallen victim to this particularly malicious fake coronavirus-tracking malware, it's fairly easy to unlock an affected device. So there's no reason to worry too much about the current iteration of the attack.


That's because researchers with DomainTools have already decrypted the key to unlock smartphones. It also appears as though there's no real damage associated with the malware. The threats outlined above appear to have been empty for now.

The key to unlocking phones that have been hit by CovidLock is "4865083501" — as provided by DomainTools. That can be entered on the lock screen. Then, users simply need to hit the "Decrypt" button. The decryption key is 'static'. So that's going to remain the same unless the malware evolves. Users will want to ensure that they uninstall the offending application immediately upon unlocking their smartphone.

corinavirus ransom note from DomainTools