Ransomware On Android Devices

Ransomware is a growing problem for mobile users. It has already been causing financial and data losses for many years, and it has now made its way to the Android platform. This growing threat to Android users is software that locks the screen or encrypts the files on the device.

Ransomware is a type of malware that has been plaguing the Android world recently. It has been growing in popularity among attackers and has turned up on many phones. Android ransomware closely resembles its desktop counterpart: the same techniques that proved successful on computers are being used on mobile devices. Police lock-screens are popular on both Windows and Android; these programs falsely accuse victims of illegal activity, then demand a payment to “settle” the matter. File-encrypting ransomware follows the example of CryptoLocker, which used strong encryption to prevent victims from accessing their own files.

Cyber criminals are no longer targeting only Eastern European countries: recent families such as Android/Simplocker and Android/Lockerpin are focused mostly on the USA.

What Is Ransomware On Android?

Ransomware is any type of malware that takes over your device or your data and demands a sum of money from you in exchange for its release. There are two main types of ransomware:

  • Lock-screen ransomware
  • Crypto-ransomware

In lock-screen ransomware, the hijacked resource is access to the compromised system. In file-encrypting crypto-ransomware, the hijacked resource is the user’s files. Ransomware has been a pain for Windows users since 2013, when it became more widespread. In the past it affected mostly individuals, but it now also affects businesses that use Android devices.

Common Infection Vectors

Android malware often takes advantage of the fact that people will download apps that are popular. If a game or a news app becomes really popular, attackers will make a fake version of it and trick people into downloading it. In some cases the malicious APKs bear only the name and icon of the legitimate application. In other cases, malware writers take existing applications and add malicious code, keeping the original functionality. For malware that doesn’t inherently rely on a visual manifestation the way ransomware does (backdoors or SMS trojans, for example), this repackaged APK is the only outward sign of infection.

Commands supported by Android ransomware, beyond its primary purpose of locking the device and displaying a ransom message, include:

  • open an arbitrary URL in the phone’s browser
  • send an SMS message to any or all contacts
  • lock or unlock the device
  • steal received SMS messages
  • steal contacts
  • display a different ransom message
  • update to a new version
  • enable or disable mobile data
  • enable or disable Wi-Fi
  • track user’s GPS location

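The capabilities in the list above each need declared Android permissions, and a repackaged app usually declares more of them than the genuine build it imitates. The script below is an added example (not code from the original article): it parses `<uses-permission>` entries from a manifest, maps them to the capabilities listed above and diffs them against a known-good build. The permission strings are real `android.permission.*` names; the capability mapping, the verdict thresholds and both manifests are this example's own constructed heuristics and data.

```python
"""Static triage of an Android manifest's permission set against the
ransomware capabilities listed above.

Added example; not from the original article. The permission strings are
real android.permission.* names; the capability mapping, thresholds and the
two manifests below are constructed for this example.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Heuristic mapping (assumption): permissions an app would need in order to
# carry out each capability named in the list above.
CAPABILITY_PERMISSIONS: Dict[str, Set[str]] = {
    "lock the screen (overlay)": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "send SMS to contacts": {"android.permission.SEND_SMS"},
    "steal received SMS": {"android.permission.RECEIVE_SMS",
                           "android.permission.READ_SMS"},
    "steal contacts": {"android.permission.READ_CONTACTS"},
    "toggle Wi-Fi": {"android.permission.CHANGE_WIFI_STATE"},
    "toggle mobile data": {"android.permission.CHANGE_NETWORK_STATE"},
    "track GPS location": {"android.permission.ACCESS_FINE_LOCATION"},
    "install an updated version": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "survive reboot": {"android.permission.RECEIVE_BOOT_COMPLETED"},
}

# Constructed manifest of a known-good flashlight app.
LEGIT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

# Constructed manifest of a repackaged build that kept the original
# functionality (CAMERA, INTERNET) and added lock-screen and exfil permissions.
REPACKAGED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""


def parse_manifest_permissions(manifest_xml: str) -> Set[str]:
    """Return the android:name of every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    return {
        elem.get(ANDROID_NS + "name")
        for elem in root.iter("uses-permission")
        if elem.get(ANDROID_NS + "name")
    }


def capabilities(perms: Set[str]) -> List[str]:
    """Capabilities from the list above that this permission set enables."""
    return sorted(cap for cap, need in CAPABILITY_PERMISSIONS.items() if need & perms)


def excess_permissions(perms: Set[str], baseline: Set[str]) -> Set[str]:
    """Permissions the suspect build declares that the known-good build does
    not. A repackaged app keeps the original's functionality, so the added
    code tends to show up as added permissions."""
    return perms - baseline


def verdict(perms: Set[str], baseline: Set[str]) -> str:
    """Heuristic verdict (assumption): overlay permission plus at least two
    other control/exfil capabilities is the lock-screen ransomware profile."""
    caps = capabilities(perms)
    if "lock the screen (overlay)" in caps and len(caps) >= 3:
        return "suspicious: lock-screen capability plus control/exfil permissions"
    if excess_permissions(perms, baseline):
        return "review: permissions added over the known-good build"
    return "consistent with known-good build"


if __name__ == "__main__":
    good = parse_manifest_permissions(LEGIT_MANIFEST)
    suspect = parse_manifest_permissions(REPACKAGED_MANIFEST)
    print("added permissions:", sorted(excess_permissions(suspect, good)))
    print("capabilities:", capabilities(suspect))
    print("verdict:", verdict(suspect, good))
```

The diff against a known-good manifest matters more than the absolute permission count: a legitimate messaging app will declare SMS and contacts permissions, but a flashlight app that suddenly does so has changed in a way worth explaining.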
These days, HTTP is the default protocol used by Android malware to reach its Command and Control (C&C) server. However, in a few cases malware has communicated through Google Cloud Messaging or Baidu Cloud Push instead. Google Cloud Messaging lets developers send and receive data to and from apps installed on an Android device; Baidu Cloud Push offers a similar service, and both have been used for communication between malware and its C&C server. Some malware samples communicate with a .onion Tor domain.
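Because plain HTTP to a C&C server is the common case, outbound web logs are a reasonable place to look for an infected device. The script below is an added example, not code from the original article: it parses a constructed HTTP log, flags any connection to a `.onion` host, and flags a device that polls the same host at a near-constant interval. The log format, every host, address and timestamp, and the periodicity threshold are this example's own assumptions; note that malware using Google Cloud Messaging or Baidu Cloud Push talks to those providers' legitimate endpoints, so this kind of check does not see it.

```python
"""Triage of outbound HTTP log lines for the C&C patterns described above.

Added example; not from the original article. The log format and all hosts,
addresses and timestamps are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List, Tuple

Row = Tuple[datetime, str, str, str, str]  # (timestamp, device, method, host, path)

# Constructed log: "<ISO timestamp> <device> <method> <host> <path>".
# 10.0.0.12 polls one host every 60 s; 10.0.0.7 browses normally;
# 10.0.0.9 touches a .onion host once.
SAMPLE_LOG = """\
2015-09-01T10:00:00 10.0.0.12 GET c2.example.invalid /gate.php
2015-09-01T10:00:03 10.0.0.7 GET news.example.com /
2015-09-01T10:01:00 10.0.0.12 GET c2.example.invalid /gate.php
2015-09-01T10:01:21 10.0.0.7 GET cdn.example.com /img/a.png
2015-09-01T10:02:00 10.0.0.12 GET c2.example.invalid /gate.php
2015-09-01T10:02:45 10.0.0.7 GET news.example.com /story/1
2015-09-01T10:03:00 10.0.0.12 GET c2.example.invalid /gate.php
2015-09-01T10:03:02 10.0.0.9 GET abcdefghijklmnop.onion /panel
2015-09-01T10:04:00 10.0.0.12 GET c2.example.invalid /gate.php
2015-09-01T10:09:10 10.0.0.7 GET news.example.com /story/2
"""


def parse_log(text: str) -> List[Row]:
    """Split each non-empty line into its five whitespace-separated fields."""
    rows: List[Row] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, device, method, host, path = line.split()
        rows.append((datetime.fromisoformat(ts), device, method, host, path))
    return rows


def onion_hosts(rows: List[Row]) -> List[Tuple[str, str]]:
    """(device, host) pairs where the host is a Tor hidden-service name."""
    return sorted({(device, host) for _, device, _, host, _ in rows
                   if host.lower().endswith(".onion")})


def periodic_polls(rows: List[Row], min_hits: int = 5,
                   max_cv: float = 0.1) -> Dict[Tuple[str, str], float]:
    """(device, host) pairs contacted at least min_hits times with a
    near-constant gap: coefficient of variation of the gaps <= max_cv.
    Returns the mean gap in seconds for each flagged pair. Threshold values
    are an assumption of this example."""
    by_pair: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for ts, device, _, host, _ in rows:
        by_pair[(device, host)].append(ts)
    found: Dict[Tuple[str, str], float] = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            found[pair] = avg
    return found


def triage(text: str) -> Dict[str, object]:
    """Run both checks over a log and return the findings together."""
    rows = parse_log(text)
    return {"onion": onion_hosts(rows), "periodic": periodic_polls(rows)}


if __name__ == "__main__":
    for kind, findings in triage(SAMPLE_LOG).items():
        print(kind, findings)
```

A fixed polling interval is only a lead, not proof: legitimate apps poll too, so the flagged host should be checked against the device's installed apps before anyone acts on it.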

How To Keep Your Android Protected

Android users should take steps to avoid ransomware. Among the most important is to install apps from Google Play rather than from an unofficial app store. A mobile security app can also be installed and kept up to date. Furthermore, backups should be made of all important data on the device. If you have a backup of your data, you will never be faced with the decision of whether or not to pay a ransom; if you do fall victim to ransomware and your data is encrypted, restoring from the backup is only a nuisance.

I hope this article was helpful. If you have any questions, please feel free to contact me. If you would like to be notified when I create a new post, you can subscribe to my blog alert.