sb-nz logo
Story image

Android ransomware spreads further, with new methods in its toolbox

06 Dec 2016

Ransomware seems to have maintained its attractiveness amongst cybercriminals, steadily growing on multiple platforms – including mobile since 2014.

Android users have been targeted by various types of this extorting malware, most frequently by the police ransomware, trying to scare victims into paying up after (falsely) accusing them of harvesting illegal content on their devices.

The most popular attack vector used by cybercrooks has remained unchanged since the beginning of the “ransomware epidemic”. That is the misuse of unofficial markets and forums to spread their preferred family or variant of malicious code.

But 2016 also brought cases where cybercriminals added other, more sophisticated methods to their toolboxes. Attackers tried to bury malicious payloads deeper into applications. To achieve this, they encrypted them, then moved them to the assets folder, which is typically used for pictures or other contents necessary for the app. 

The apps however, seemingly had no real functionality on the outside, but on the inside, there was a decryptor able to both decrypt and run the ransomware.

ESET experts have also documented Android ransomware spreading via email. Attackers used social engineering to manipulate victims into clicking on a malicious link in the message and directed them to an infected Android application package (APK).

Another interesting development observed this year has been the growing focus of Jisut ransomware operators on Chinese markets, using a localized Chinese ransom message.

If you want to know more about the contents of our new Trends in Android Ransomware whitepaper stop by ESET booth B05 in Hall 5 at Mobile World Congress 2017 in Barcelona.

On top of that, ESET’s chief research officer Juraj Malcho will talk about recent developments in banking malware as well as ransomware.

Article by Ondrej Kubovic, author for We Live Security 

Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
BlackBerry, Microsoft enter partnership for Teams integration
"Integrating BlackBerry AtHoc will ensure that any organisation managing critical events using Teams is able to contact, alert, and account for everyone within the organisation directly."More
Story image
SOC as a Service: Fortinet’s answer to today’s network challenges
Jon McGettigan, Fortinet A/NZ Regional Director, explains how SOC as a Service can back up your current SOC team, fast-track deployments and ensure regulatory compliance.More
Story image
Secureworks: Remote working exposes new security vulnerabilities
New vulnerabilities have been exposed as IT teams across the world respond to the ongoing COVID-19 pandemic.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Microsoft is most imitated brand for phishing attacks in Q3
Popular phishing tactics using the Microsoft brand used email campaigns to steal credentials of Microsoft accounts, luring victims to click on malicious links which redirect them to a fraudulent Microsoft login page. More