
Symantec detects ransomware variants created directly on mobile devices

Symantec has discovered new variants of Android.Lockscreen (ransomware) that are using pseudorandom passcodes to prevent victims from unlocking devices without paying the ransom.

In a recent blog post, Dinesh Venkatesan, a principal analyst at Symantec, highlighted the fact that previous versions of these threats locked the screen and used a hardcoded passcode.

However, Symantec analysts have been able to reverse engineer the code to provide victims a way to unlock their devices.

Venkatesan also says the attackers have combined a custom lockscreen with the device's lockscreen to create an additional hurdle for those infected.

“Symantec has seen several variants of a known ransomware family that were developed on Android devices using the Android integrated development environment,” he writes.

"However, the ability to create malware on mobile devices may open up new avenues in the future creation of malware."

As the techniques used to create new ransomware threats on mobile devices are relatively new, the principal analyst adds that a bit of explanation is in order.

“These ransomware threats were created using the rapid application development (RAD) model of software development. This method is typically used for software that requires rapid prototyping and is driven by user interface requirements,” he says.

“This is a particularly suitable way to develop mobile applications because of their reliance on a strong graphical user interface (GUI).”

According to Venkatesan, RAD utilises GUI builders that can make it easier to build applications because of their drag-and-drop wizard functionality, which can be used to build the interface and app.

“Integrated development environments (IDEs), another integral part of the RAD model, help developers to rapidly build an application by automatically generating boiler-plate code,” he explains.

“These functions make it easier for developers, and in this case, attackers, to rapidly create software without worrying too much about planning and design.”

On how ransomware comes to be developed on mobile devices, Venkatesan explains that the tools required to build Android apps are computer-based software.

“That means, in order to use them to build Android apps, the developer will need a computer, which is the most common practice when it comes to app development. In this specific case, attackers have used an IDE to design, build, implement, modify, and sign variants of Android.Lockdroid.E directly on mobile devices,” he explains.

“Manipulating the existing code to create newer variants with different configurations is nothing new from a traditional malware development practice.”

However, Venkatesan adds that the adoption of RAD methodology shows how attackers are attempting to find quicker, more flexible ways to create malware.

To protect against these threats, Symantec recommends that people at risk keep their software and operating systems up to date, avoid installing apps from unfamiliar sources, back up their devices and install a suitable mobile security app.
