Medium
Using an application named “Koronavirus haqida”, threat actors have begun looking for ways to take over mobile devices; the end result is that the victim is locked out of the affected device. As with other malicious applications, it is downloaded from outside official sources. Once installed, the application locks the screen and displays a ransom note. The note includes a time limit by which to pay the ransom, but the limit is a false flag: the code contains nothing that enforces it. The device is genuinely locked and the malware survives a reboot. On newer versions of the Android OS (8.0 and above) the keys on the device are not locked, but the user is still unable to uninstall the software manually. Should the victim attempt to circumvent the protection, the device displays a message stating that functionality will be restored upon payment. The malware can be removed via Android Debug Bridge or by booting into safe mode. Should the victim pay the ransom, they will be able to uninstall the software through regular uninstall means. The malware has been reported in Ukraine, Russia, and certain countries in Central Asia such as Kazakhstan, among others.
Locks users out of their device
Block all threat indicators at your respective controls. Always download legitimate applications from the Google Play Store.
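The ADB removal route mentioned above, worked through as an added example (this script is not part of the advisory or any vendor tooling). It assumes `adb` is on the PATH, USB debugging was enabled and this host authorized before infection (a locked screen prevents accepting a new authorization prompt), and that the locker's package name is unknown, since the advisory gives none; the allowlist and the `uz.placeholder.koronavirus` name in comments are constructed placeholders.

```shell
#!/bin/sh
# Added example: triage sideloaded packages over ADB and remove a screen locker.
# Assumes adb is installed and the device was already authorized for this host.
set -u

# Normalise `pm list packages -3` output ("package:com.example.app") to bare
# package names. Reads stdin so it can be run against a saved listing offline.
parse_package_list() {
  sed -n 's/^package://p' | sort -u
}

# Print packages from stdin (one per line) that are not in the allowlist ($1,
# space-separated). Sideloaded packages outside the allowlist are removal candidates.
flag_unknown() {
  allow=" $1 "
  while IFS= read -r pkg; do
    case "$allow" in
      *" $pkg "*) ;;               # recognised by the owner, skip
      *) printf '%s\n' "$pkg" ;;
    esac
  done
}

# Uninstall a package for user 0. A locker that registered itself as device
# admin makes `pm uninstall` report Failure instead of Success; in that case fall
# back to the safe-mode route the advisory describes.
remove_package() {
  pkg=$1
  if adb shell pm uninstall --user 0 "$pkg" 2>&1 | grep -q '^Success'; then
    echo "removed $pkg"
  else
    echo "uninstall of $pkg refused (device admin?); reboot to safe mode and retry" >&2
    return 1
  fi
}

# Constructed allowlist: sideloaded packages the device owner knows and trusts.
ALLOW="com.example.corpvpn com.example.fieldapp"

# Live mode: list every sideloaded package the owner does not recognise, so the
# analyst can pass the suspect to remove_package.
if [ "${1:-}" = "--live" ]; then
  adb shell pm list packages -3 | parse_package_list | flag_unknown "$ALLOW"
fi
```

Run with `--live` against a connected device; without it the functions are only defined, which is what lets the parsing logic be checked on a saved listing.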