
Ransomware masquerades as FBI, Android users in the crossfire

26 May 15

Thousands of Android users have been targeted by ransomware that demands a $500 payment to restore access to their smartphone, according to anti-malware provider Bitdefender.

Posing as an Adobe Flash Player update, the malware is installed as an innocent-looking video player. However, when the user runs it, a fake error message purporting to be from the FBI is displayed.

After pressing ‘OK’ to continue, users see an ‘FBI warning’ and are unable to navigate away from the programme.

The device’s home screen then delivers a fake message telling users they have broken the law by visiting pornographic websites.

Hackers have also included screenshots of users’ purported browsing history in the malware to make the message more compelling, as well as claims to have screenshots of the victims’ faces and locations.

To restore access to their device, users are told to pay $500. If they try to ‘independently unlock’ their devices, however, the demand triples to $1,500.

Users are prompted to pay the fee by transferring money via MoneyPak and PayPal My Cash.

Bitdefender detects this threat as Android.Trojan.SLocker.DZ, one of the most prevalent Android ransomware families.

According to Bitdefender’s internal telemetry, multiple versions of this malware family are available, bundled with spam messages originating from different .edu, .com, .org and .net domain servers.

More than 15,000 spam emails containing malicious .apk files have hit the inboxes of Android users in the last few days, including zipped files detected from servers located in Ukraine, says Bitdefender.

Safety recommendations for users

Unfortunately, there is not much users can do when they fall victim to ransomware, even if this particular strain does not encrypt the files on the infected terminal, says Bitdefender.

Once the ransomware is running, the device’s home and back buttons are disabled.

Rebooting doesn’t help either, because the malware starts again when the operating system boots.

In certain circumstances, Android users can reclaim control of their devices. For instance, if they had Android Debug Bridge (ADB) enabled on the device before it was infected, they can uninstall the ransomware application from a connected computer over ADB.

If supported by the mobile device, users can also start it in Safe Boot, which loads a minimal Android configuration in which third-party applications, the malware included, do not run. This approach can buy enough time to manually uninstall the malware.
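The ADB recovery path described above, as an added example that is not part of the original article or of Bitdefender’s advice. It assumes USB debugging was enabled and the computer authorised before infection; the package names and the `pm list packages` output below are constructed samples, and the ransomware package name is a placeholder.

```shell
#!/bin/sh
# Recovering a device locked by a non-encrypting screen locker over ADB.
# Assumption: ADB was enabled and this host authorised before infection.

# Constructed sample of `adb shell pm list packages -3 -i` output:
# one line per third-party package, with the installer that placed it.
SAMPLE_PKGS='package:com.example.legit installer=com.android.vending
package:com.example.videoplayer installer=null
package:com.example.bank installer=com.android.vending'

# Read `pm list packages -3 -i` lines on stdin and print the packages that
# were NOT installed by the Play Store. A sideloaded "video player" or
# "Flash update" is the usual carrier for this kind of ransomware, so this
# narrows the list of suspects on a screen the user can no longer navigate.
sideloaded_packages() {
  while IFS=' ' read -r pkgfield installer; do
    case "$installer" in
      installer=com.android.vending) ;;            # Play Store: skip
      *) printf '%s\n' "${pkgfield#package:}" ;;   # strip "package:" prefix
    esac
  done
}

# Emit the command sequence that removes one package. The locker keeps its
# activity in the foreground, so it is force-stopped first (which clears the
# fake FBI screen), then uninstalled. adb uninstall works while the screen is
# locked. If uninstall fails because the app made itself a device
# administrator, boot to safe mode and revoke that right in Settings first.
remove_package_cmds() {
  pkg="$1"
  printf 'adb shell am force-stop %s\n' "$pkg"
  printf 'adb uninstall %s\n' "$pkg"
}

# Against a real USB-connected device (adb on PATH), the workflow is:
#   adb shell pm list packages -3 -i | sideloaded_packages
#   remove_package_cmds com.example.videoplayer | sh   # placeholder name
printf '%s\n' "$SAMPLE_PKGS" | sideloaded_packages
```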

Here’s a list of recommendations for users to avoid falling victim to ransomware:

  • Never install applications from untrusted sources. Android blocks the installation of applications from outside the Play Store by default, but there are instances when users are pushed to change that setting (e.g. when using third-party Android markets). If possible, leave this option in its default state.
  • Regularly back up your data in the cloud or on an external drive.
  • Use an anti-malware solution for your Android device and keep it constantly updated and able to perform active scanning.
  • Follow good internet practices; avoid questionable websites, links or attachments in emails from uncertain sources.
  • Use a filter to reduce the number of infected spam emails that reach your inbox.