
Symantec detects ransomware variants created directly on mobile devices

04 Oct 16

Symantec has discovered new variants of Android.Lockscreen (ransomware) that are using pseudorandom passcodes to prevent victims from unlocking devices without paying the ransom.

In a recent blog post, Dinesh Venkatesan, a principal analyst at Symantec, highlighted the fact that previous versions of these threats locked the screen with a hardcoded passcode.

Because that passcode was embedded in the app itself, Symantec analysts were able to reverse engineer the code and provide victims a way to unlock their devices; the move to pseudorandom passcodes is intended to close off that route.

Venkatesan also says the attackers have combined a custom lockscreen with the device's lockscreen to create an additional hurdle for those infected.

“Symantec has seen several variants of a known ransomware family that were developed on Android devices using the Android integrated development environment,” he writes.

"However, the ability to create malware on mobile devices may open up new avenues in the future creation of malware."

As the techniques used to create new ransomware threats on mobile devices are relatively new, the principal analyst adds that a bit of explanation is in order.

“These ransomware threats were created using the rapid application development (RAD) model of software development. This method is typically used for software that requires rapid prototyping and is driven by user interface requirements,” he says.

“This is a particularly suitable way to develop mobile applications because of their reliance on a strong graphical user interface (GUI).”

According to Venkatesan, RAD relies on GUI builders whose drag-and-drop wizards make it easier to assemble both the interface and the application around it.

“Integrated development environments (IDEs), another integral part of the RAD model, help developers to rapidly build an application by automatically generating boiler-plate code,” he explains.

“These functions make it easier for developers, and in this case, attackers, to rapidly create software without worrying too much about planning and design.”

Venkatesan notes that the tools required to build Android apps are normally desktop software, which is what makes developing ransomware on a mobile device itself unusual.

“That means, in order to use them to build Android apps, the developer will need a computer, which is the most common practice when it comes to app development. In this specific case, attackers have used an IDE to design, build, implement, modify, and sign variants of Android.Lockdroid.E directly on mobile devices,” he explains.

“Manipulating the existing code to create newer variants with different configurations is nothing new from a traditional malware development practice.”

However, Venkatesan adds that the adoption of RAD methodology shows how attackers are attempting to find quicker, more flexible ways to create malware.

To protect against these threats, Symantec recommends the people at risk keep their software and operating systems up to date, don’t install apps from unfamiliar sources, back up their devices and install a suitable mobile security app. 
