As if the COVID-19 outbreak itself wasn't bad enough, there are also criminals exploiting people looking for guidance in this time of fear and misinformation. A malicious Android app has popped up that promises to help you track coronavirus cases near you and globally, but it's just a scheme to get some ransomware on your phone.
DomainTools first reported on the app, which is distributed through a website and is available exclusively outside of the Play Store. The service promises to provide you with a solution that scans and monitors your surroundings for COVID-19 cases. To fully activate it, the app asks you for some highly unusual permissions. It wants to "Activate lock screen to get instant alert when a coronavirus patient is near your" and "enable app in Accessibility for active stats monitoring". Both are bogus excuses to get the permissions it needs to change your lock screen password. Then, it asks you for a $100 bitcoin ransom to get access to your phone again.
Thankfully, most modern handsets updated to an Android version higher than Nougat (7.0) shouldn't be affected by this malware as Google added security measures against such attacks. However, if you don't use a screen lock method like a passcode or a pattern, the ransomware can still attack your device, though I'd hope that the majority of smartphone users don't leave their phones unprotected these days.
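The two requests described above would show up in an app's manifest as a device-admin receiver and an accessibility service, assuming the "lock screen" prompt corresponds to Android device administration. The following is an added example, not code from DomainTools or from the app: a Python triage check over a decoded AndroidManifest.xml (such as apktool produces) that flags apps declaring both. The manifest, package name and component names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample: a decoded manifest with a hypothetical package and
# component names. It is not taken from the real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.tracker">
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <service android:name=".MonitorService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return components bound to device admin or accessibility, plus a verdict."""
    root = ET.fromstring(xml_text)
    found = {DEVICE_ADMIN: [], ACCESSIBILITY: []}
    for tag in ("receiver", "service"):
        for comp in root.iter(tag):
            perm = comp.get(ANDROID + "permission")
            if perm in found:
                found[perm].append(comp.get(ANDROID + "name"))
    return {
        "package": root.get("package"),
        "device_admin": found[DEVICE_ADMIN],
        "accessibility": found[ACCESSIBILITY],
        # Either binding alone is common in legitimate apps; both together in
        # an app that claims to be a tracker or map deserves manual review.
        "needs_review": bool(found[DEVICE_ADMIN] and found[ACCESSIBILITY]),
    }


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```
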
The lesson we can learn here is that you should always use common sense when installing apps outside of the Play Store and rely on trusted sources like APK Mirror, F-Droid, or renowned developers' websites, whether or not there is a disease outbreak.
If the app locked you out of your phone, you'll be happy to learn that you won't need to pay a cent to gain access again. Redditor u/luca020400 decompiled the application and found out that the developers didn't even bother hiding or randomizing the unlock "decrypt" key — it's right there in the code. You just need to enter 4865083501.