Fake Canadian COVID-19 tracing app with ransomware discovered

It didn’t take long for criminals to take advantage of Prime Minister Justin Trudeau’s announcement that Canada has approved a COVID-19 tracing app to go into action.

Security vendor ESET said it discovered two fake websites, designed to look like official Government of Canada sites, that were quickly created after the June 18 announcement and advertised a so-called official Android COVID-19 tracing app allegedly endorsed by Health Canada.

“The sites use convincing domains and are lacking the typical spelling mistakes that usually make it easy for a discerning eye to spot it as a risk,” ESET said in a news release late Tuesday.

And while the app may look convincing, it contains Android ransomware named CryCryptor that encrypts files on the victim’s smartphone. Victims are then told to email the attacker “to discuss recovery.”

ESET said that on Tuesday it notified the Canadian Centre for Cyber Security, the federal department that advises the public and private sectors on protecting critical infrastructure. In an interview this morning Alexis Dorais-Joncas, lead of ESET’s research and development team in Montreal, said the two sites — which were hosted in the Netherlands — were down by Tuesday afternoon. No other sites are distributing the fake app so far.

Screen shot of fake Canadian COVID app web site before it was taken down

In a statement this afternoon the Canadian Centre for Cyber Security confirmed that working with “a commercial partner” the two phony sites have been taken down.

“Throughout the global COVID-19 pandemic, the Cyber Centre has worked closely with industry partners and commercial and international cyber response teams to facilitate the removal of malicious websites, including those that have spoofed Canadian Government departments and agencies,” said the statement. “These efforts have resulted in the removal of a significant number of Canadian themed fraudulent sites that were designed specifically for malicious cyber activity, such as phishing and malware delivery.

“Canadians must exercise constant vigilance and awareness about fake and malicious web sites and applications related to COVID-19 that are attempting to steal money or personal information, including fake COVID-19 exposure notification applications.” That includes, the statement added, only downloading applications from trusted app stores.

For the latest security alerts and updates on how to stay cyber safe during the COVID-19 pandemic, follow the Cyber Centre on Twitter at https://twitter.com/cybercentre_ca and on its website: www.cyber.gc.ca

“Extra caution is urged for users of Android devices,” ESET’s Dorais-Joncas said, “as this scheme looks close to the real deal. Smartphone users should only download apps from reliable official sources such as Google Play or Apple stores.”

The real exposure notification app is scheduled to be released July 2nd in Ontario for beta testing.

It wasn’t long after governments around the world began distributing COVID-19 apps to help manual contact tracing that criminals started releasing malware-filled fake apps. In March, Domain Tools reported finding a site offering a real-time Android Coronavirus outbreak tracker that allegedly had statistical information about the spread of COVID-19. Instead, it carried a new strain of ransomware dubbed CovidLock, which forced a change in the password used to unlock the phone. It demanded $100 in bitcoin within 48 hours or data would be erased. However, phones with Android 7 and up are protected from this attack.

Fake COVID apps and fake websites are among the ways criminals have taken advantage of the pandemic. Governments and law enforcement agencies are trying to fight back. At the beginning of May, the Canadian Centre for Cyber Security said it had taken down over 1,500 COVID-19-themed fraudulent sites or email addresses aimed at Canadians since the start of the year.

Once governments began distributing COVID-19 support funds for individuals and businesses, criminals also followed with fake application websites.

Dorais-Joncas said the first hint of the fake Canadian websites and app came two days ago from a tip on Twitter. He wasn’t surprised at the move because hackers often take advantage of something in the news — in this case Trudeau’s announcement — to base an attack campaign on.

(This story has been updated from the original to include comments from ESET’s Dorais-Joncas and the statement from the Cyber Centre.)


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
