Alleged Android COVID-19 Tracing App Hides Sneaky CryCryptor Ransomware Payload

published 25.06.2020 11:30

by Shane Mcglaun from

That bug is what allowed ESET to create the decryption tool, which launches the decrypting functionality that was built into the ransomware app by its creators.

CWE-926 is a bug that allows any app installed on the affected device to launch any exported service provided by the ransomware.

ESET says that when the ransomware turned up on its radar, it discovered on investigation a bug of the type "Improper Export of Android Components" that MITRE labels as CWE-926 in the app.

Once the victim downloads and installs the app, all the most common file types on the device are encrypted.

ESET researchers have identified and analyzed the ransomware, known as CryCryptor, and created a decryption tool for victims.