{"id":1941,"date":"2020-03-19T15:36:54","date_gmt":"2020-03-19T20:36:54","guid":{"rendered":"https:\/\/cert.pa\/?p=1941"},"modified":"2020-03-19T15:36:54","modified_gmt":"2020-03-19T20:36:54","slug":"csirt-panama-aviso-2020-03-19-covidlock-ransomware-para-android","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=1941","title":{"rendered":"CSIRT Panam\u00e1 Advisory 2020-03-19 CovidLock - Ransomware for Android"},"content":{"rendered":"\n<p>CSIRT Panam\u00e1 Advisory 2020-03-19 Ransomware for CovidLock<\/p>\n\n\n\n<p>Severity: High<\/p>\n\n\n\n<p>Publication date: March 19, 2020<\/p>\n\n\n\n<p>Last revised: March 19, 2020<\/p>\n\n\n\n<p><a href=\"https:\/\/www.domaintools.com\/resources\/blog\/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware\">https:\/\/www.domaintools.com\/resources\/blog\/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware<\/a><\/p>\n\n\n\n<p>Affected Systems:<\/p>\n\n\n\n<p>Android<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>I. Description<\/p>\n\n\n\n<p>DomainTools researchers have detected a malicious domain, coronavirusapp[.]site, that claims to offer a real-time coronavirus outbreak tracker available by downloading an application.<\/p>\n\n\n\n<p>The domain prompts users to download an <strong>Android<\/strong> application that will give them access to a coronavirus map tracker that appears to provide tracking and statistical information about COVID-19, including heat map images.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>II. Impact<\/p>\n\n\n\n<p>The application is poisoned with ransomware. This Android ransomware application, never before seen in the wild, has been named &#8220;<strong>CovidLock<\/strong>&#8221; because of the capabilities of the malware and its backstory. 
<strong>CovidLock<\/strong> uses techniques to deny the victim access to their phone by forcing a change of the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before in Android ransomware.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>III. Indicators of compromise<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"647\" src=\"https:\/\/cert.pa\/wp-content\/uploads\/2020\/03\/coronavirusappsite_basicinfo-1024x647.png\" alt=\"\" class=\"wp-image-1944\" srcset=\"https:\/\/cert.pa\/wp-content\/uploads\/2020\/03\/coronavirusappsite_basicinfo-1024x647.png 1024w, https:\/\/cert.pa\/wp-content\/uploads\/2020\/03\/coronavirusappsite_basicinfo-300x190.png 300w, https:\/\/cert.pa\/wp-content\/uploads\/2020\/03\/coronavirusappsite_basicinfo-768x485.png 768w, https:\/\/cert.pa\/wp-content\/uploads\/2020\/03\/coronavirusappsite_basicinfo.png 1582w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>IV. Contact information<\/p>\n\n\n\n<p>CSIRT PANAMA<\/p>\n\n\n\n<p>Computer\nSecurity Incident Response Team Autoridad Nacional para la Innovacion\nGubernamental<\/p>\n\n\n\n<p>E-Mail:\ninfo@cert.pa<\/p>\n\n\n\n<p>Phone:\n+507 520-CERT (2378)<\/p>\n\n\n\n<p>Web:\nhttps:\/\/cert.pa<\/p>\n\n\n\n<p>Twitter:\n@CSIRTPanama<\/p>\n\n\n\n<p>Facebook:\nhttp:\/\/www.facebook.com\/CSIRTPanama<\/p>\n\n\n\n<p>Key\nID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSIRT Panam\u00e1 Advisory 2020-03-19 Ransomware for CovidLock Severity: High Publication date: March 19, 2020 Last revised: March 19, 2020 https:\/\/www.domaintools.com\/resources\/blog\/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware Affected Systems: Android I. 
Description DomainTools researchers have detected a malicious domain&#8230;<\/p>\n","protected":false},"author":5,"featured_media":1943,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[33,72,121,120,30],"class_list":["post-1941","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-android","tag-avisos-de-seguridad","tag-coronavirus","tag-covid19","tag-ransomware"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1941","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1941"}],"version-history":[{"count":4,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1941\/revisions"}],"predecessor-version":[{"id":1947,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1941\/revisions\/1947"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/1943"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1941"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1941"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2
%2Ftags&post=1941"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}