Cyber gangs expand ransomware scams to target Android users

Criminals have expanded their ransomware campaigns to target Google Android smartphones and tablets, according to security firm Trend Micro.

Trend Micro security researcher Abigail Pichel revealed the development in a blog post, warning that the malware is infecting machines through a set of malicious URLs.

“This is detected as ANDROIDOS_LOCKER.A and can be downloaded through a specific URL. The domain contains words like ‘video’ and ‘porn’, which can give an idea of how users wound up on the site,” read the post.

Ransomware is a particularly nasty form of malware that locks infected machines to a static screen. The attackers usually demand payment from the victim to have the machine unlocked.

“The malware will monitor the screen activity when a device is active or running. Based on the analysis of its code, it tries to put its UI on top of the screen when the device is unlocked,” explained Pichel.

“People will not be able to uninstall the malicious app by traditional uninstall means as one would normally do because the system or even the AV UI is always ‘covered’ by the malware’s UI.”

Pichel added that the attacks also have very basic data-siphoning powers. “It also tries to connect to several URLs that are its command-and-control servers,” read the post.

“The ransomware appears to be capable of sending information to these C&C servers albeit a limited function because it only has few permissions.”

The source of the new mobile attacks remains unknown, though Pichel said Trend Micro has successfully tracked the malicious URLs to IP addresses in the US and the Netherlands.

“These URLs are hosted in two IP addresses located in the US and in the Netherlands. Further analysis reveals that these IP addresses also host other malicious URLs, though not related to this particular malware,” he added.

Ransomware is an increasingly popular form of malware in cyber criminal communities. Microsoft reported in May that the number of cyber attacks using the infamous Reveton ransomware doubled over the past year.

27 May 2014 | 10:34 am – Source:
