
Ransomware masquerades as FBI, Android users in the crossfire

26 May 15

Thousands of Android users have been targeted by ransomware that demands they pay $500 to restore access to their smartphones, according to Bitdefender, the anti-malware provider.

Posing as an Adobe Flash Player update, the malware is installed as an innocent-looking video player. However, when the user runs it, a fake error message is displayed, purporting to be from the FBI.

After pressing ‘OK’ to continue, users see an ‘FBI warning’ and are unable to navigate away from the programme.

The device’s home screen then delivers a fake message telling users they have broken the law by visiting pornographic websites.

Hackers have also included screenshots of users’ purported browsing history in the malware to make the message more compelling, as well as claims to have screenshots of the victims’ faces and locations.

To restore access to their device, users are told to pay $500. However, if they try to ‘independently unlock’ their devices, the demand triples to $1,500.

Users are prompted to pay the fee by transferring money via Money Pak and PayPal My Cash.

Bitdefender detects this threat as ‘Android.Trojan.SLocker.DZ’, one of the most prevalent Android ransomware families.

According to Bitdefender’s internal telemetry, multiple versions of this malware family are available, bundled with spam messages originating from different .edu, .com, .org and .net domain servers.

More than 15,000 spam emails containing malicious .apk files have hit the inboxes of Android users in the last few days, including zipped files detected from servers located in Ukraine, says Bitdefender.

Safety recommendations for users

Unfortunately, there is not much users can do when they fall victim to ransomware, even if this particular strain does not encrypt the files on the infected terminal, says Bitdefender.

When a user is attacked by ransomware, the device’s home screen button and back functionalities are disabled.

Turning the device on and off doesn’t help either because the malware continues running when the operating system boots.

In certain circumstances, Android users can reclaim control of their devices. For instance, if they have Android Debug Bridge (ADB) enabled on the infected device, they can programmatically uninstall the ransomware application.

If supported by the mobile device, users can also start the terminal in Safe Boot, which allows the user to load a minimal Android configuration which prevents the malware from running. This approach can buy enough time to manually uninstall the malware.
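The ADB route described above can be scripted. The following is an added example, not taken from Bitdefender's write-up: it lists third-party packages that were not installed by the Play Store, so the sideloaded application can be identified and removed with `adb uninstall`. It assumes USB debugging was already enabled and the computer authorised; the package names in the sample are constructed.

```shell
#!/bin/sh
# Added example: find sideloaded apps over ADB so a ransomware package
# installed from an .apk can be identified and uninstalled.

PLAY_STORE="com.android.vending"   # package name of the Play Store installer

# Reads `pm list packages -3 -i` output on stdin and prints every third-party
# package whose installer is not the Play Store. Sideloaded .apk files are
# reported with installer=null; apps from other markets are listed as well.
sideloaded_packages() {
    tr -d '\r' | awk -v store="$PLAY_STORE" '
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "null"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (inst != store) print pkg
        }'
}

# Constructed sample of `pm list packages -3 -i` output (invented names).
sample_pm_output() {
    cat <<'EOF'
package:com.example.mail  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:org.example.notes  installer=com.android.vending
package:com.example.flashupdate  installer=null
EOF
}

# Live use against a connected device:
#   ./script.sh --device             list candidate packages
#   ./script.sh --device <package>   uninstall the chosen package
if [ "${1:-}" = "--device" ]; then
    if [ -n "${2:-}" ]; then
        adb uninstall "$2"
    else
        adb shell pm list packages -3 -i | sideloaded_packages
    fi
fi
```

Review the listed packages before uninstalling anything, since legitimately sideloaded apps appear in the same list.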

Here is a list of recommendations to help users avoid falling victim to ransomware:

  • Never install applications from untrusted sources. Android blocks the installation of applications from outside the Play Store by default, but there are instances when users are forced to change the setting (e.g. when using third-party Android markets). If possible, leave this option in its default state.
  • Regularly back up your data in the cloud or on an external drive.
  • Use an anti-malware solution for your Android device and keep it constantly updated and able to perform active scanning.
  • Follow good internet practices; avoid questionable websites, links or attachments in emails from uncertain sources.
  • Use a filter to reduce the number of infected spam emails that reach your inbox.