Cybersecurity researcher Harish Ganesan successfully managed to install a ransomware application called Covidlock on the META Quest VR team headset. He provided a video demonstration of this hacking feat for the publication 404 Media.
Ganesan found himself unable to remove the malicious application, as it had acquired administrator rights on the device. The video footage shows a floating window appearing on the screen in front of the user, which Ganesan attempted to close and remove through the device’s system settings, but to no avail.
Covidlock, the malware injected into the Quest 3 headset, masqueraded as a Covid infection tracking application during the pandemic. Instead, it would block the victim’s device and demand a $100 ransom in bitcoins within 48 hours, threatening to wipe all data from the device if the demand was not met.
Utilizing the Android operating system on the Quest 3 headset, Ganesan was able to install Covidlock by using the mobile vr Station application to access the Android file system and implant the malicious software. In his post, Ganesan mentioned how the attacker could manipulate and deceive the victim into installing the ransomware application.
It is important to note that META and its products are considered extremist and are prohibited in the territory of the Russian Federation.