Story image

Android ransomware spreads further, with new methods in its toolbox

06 Dec 16

Ransomware seems to have maintained its attractiveness amongst cybercriminals, steadily growing on multiple platforms – including mobile since 2014.

Android users have been targeted by various types of this extorting malware, most frequently by the police ransomware, trying to scare victims into paying up after (falsely) accusing them of harvesting illegal content on their devices.

The most popular attack vector used by cybercrooks has remained unchanged since the beginning of the “ransomware epidemic”. That is the misuse of unofficial markets and forums to spread their preferred family or variant of malicious code.

But 2016 also brought cases where cybercriminals added other, more sophisticated methods to their toolboxes. Attackers tried to bury malicious payloads deeper into applications. To achieve this, they encrypted them, then moved them to the assets folder, which is typically used for pictures or other contents necessary for the app. 

The apps however, seemingly had no real functionality on the outside, but on the inside, there was a decryptor able to both decrypt and run the ransomware.

ESET experts have also documented Android ransomware spreading via email. Attackers used social engineering to manipulate victims into clicking on a malicious link in the message and directed them to an infected Android application package (APK).

Another interesting development observed this year has been the growing focus of Jisut ransomware operators on Chinese markets, using a localized Chinese ransom message.

If you want to know more about the contents of our new Trends in Android Ransomware whitepaper stop by ESET booth B05 in Hall 5 at Mobile World Congress 2017 in Barcelona.

On top of that, ESET’s chief research officer Juraj Malcho will talk about recent developments in banking malware as well as ransomware.

Article by Ondrej Kubovic, author for We Live Security 

SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.
What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.