FuckUnicorn, a ransomware that exploits the notoriety of the IMMUNI app during the Covid19 emergency

The Italian application named Immunicode> by the Italian Bending Spoonscode> company, is a software that serves to fight epidemics, including those of covid-19code> . It keeps track of a data by which it is possible to trace the device of the person with whom a person, once recognized as infected, has been in contact. This application is for β€œvoluntary” use, recently the firmware of the manufacturers have updated to prepare to prepare for the use of this application that has already been uploaded to apple and android stores but that has not yet been activated as far as we know.

Tracking should be done via an identification code that changes over time and all data should remain in the mobile phone until it is transmitted to the medical authorities in case of contagion. Data should be stored on servers managed by public entities and should still be deleted no later than December 31, 2020. We will not dwell too much on the details because that is not the purpose of this article.

On the website of theAgid-Cert, which is a government structure dealing with cybersecurity, the information has been disclosed that someone would use the notoriety of the application Immuni to download software of the type ransomware named FuckUnicorn that would be able to infect the systems involved for encrypt the contents of the memory. The purpose of this malicious code would be to blackmail the victim by asking him to pay to unlock the data inside his device.

The first alarm, would be issued publicly on Twitter by @JAMESWT_MHT which points out that downloading a named file IMMUNI.EXEcode> can be responsible for this issue. The news would then be verified by the who Agid-Certcode> wrote a very detailed explanatory article about this possible issue.

In fact, the practice of creating executables with famous application names for the purpose of infecting a computer device, is not a new practice. In fact, it is not uncommon for the victim, involuntarily or not and for various reasons, to download an executable file that could encrypt the contents of the memory in the device of the unfortunate for the purpose of blackmail and not only this.

We also believe that it is useful to specify to the less experienced in the industry that this malicious code has nothing to do with the application or the company that developed Immunicode> it. Cybersecurity has become an integral part of the tech world due to constant scams and attacks that are thought and carried out on a daily basis.

This article does not aim to describe the technical or explanatory issue in detail. For this reason we refer you to the sources 1, 2, 3, 4, 5.

It is important that before downloading any software, regardless of the nature of the software, you are aware that the source is trusted. In case of imperfection, little experience or doubts we recommend that you consult with a cybersecurity expert.

It's possible to leave a comment as registered users to the site, accessing through social, wordpress account or as anonymous users. If you want to leave a comment as an anonymous user you will be notified by email of a possible response only if you enter the email address (optional). The insertion of any data in the comment fields is totally optional. Whoever decides to insert any data accepts the treatment of these last ones for the inherent purposes of the service that is the answer to the comment and the strictly necessary communications.

Leave a Reply