SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Android ransomware spreads further, with new methods in its toolbox
Tue, 6th Dec 2016
FYI, this story is more than a year old

Ransomware seems to have maintained its attractiveness amongst cybercriminals, steadily growing on multiple platforms – including mobile since 2014.

Android users have been targeted by various types of this extorting malware, most frequently by the police ransomware, trying to scare victims into paying up after (falsely) accusing them of harvesting illegal content on their devices.

The most popular attack vector used by cybercrooks has remained unchanged since the beginning of the “ransomware epidemic”. That is the misuse of unofficial markets and forums to spread their preferred family or variant of malicious code.

But 2016 also brought cases where cybercriminals added other, more sophisticated methods to their toolboxes. Attackers tried to bury malicious payloads deeper into applications. To achieve this, they encrypted them, then moved them to the assets folder, which is typically used for pictures or other contents necessary for the app.

The apps however, seemingly had no real functionality on the outside, but on the inside, there was a decryptor able to both decrypt and run the ransomware.

ESET experts have also documented Android ransomware spreading via email. Attackers used social engineering to manipulate victims into clicking on a malicious link in the message and directed them to an infected Android application package (APK).

Another interesting development observed this year has been the growing focus of Jisut ransomware operators on Chinese markets, using a localized Chinese ransom message.

If you want to know more about the contents of our new Trends in Android Ransomware whitepaper stop by ESET booth B05 in Hall 5 at Mobile World Congress 2017 in Barcelona.

On top of that, ESET's chief research officer Juraj Malcho will talk about recent developments in banking malware as well as ransomware.