If you thought your Android device was secure because you recently installed that super powerful anti-virus, then I am sorry to burst that bubble! Researchers have discovered a new Android ransomware that is so powerful that it eludes all mobile antivirus software, making a mockery of them.
This ransomware is currently targeting Russian users, and it has no decryption functionality. This means that users infected by this ransomware variant will find it difficult to unlock their devices or access the information stored on their phones even after paying the ransom demanded.
Android Ransomware uses third-party stores:
Zscaler, the mobile cyber-security firm that first identified this ransomware, said that those behind the threat are using third-party app stores to collect their ransom. They use a fairly basic mode of operation that has been imitated by other malware operators: they identify a popular app on the Play Store, create a clone of it and then disassemble it.
After disassembling the app, they change its normal behavior by inserting the ransomware payload into its code. They obfuscate the code with advanced algorithms, repackage it and then upload it to a third-party store.
How long does it take for the ransomware to attack the phone?
After users install the app, believing it to be legitimate, the software waits for several hours before it starts showing pop-ups asking the user for device administrator rights. The pop-ups keep reappearing until the app gets what it wants.
Once the user grants admin rights, the screen is locked and the ransomware demands a payment of 500 Russian rubles, roughly $8-$10.
To force users to comply, the ransomware threatens to send SMS messages to their contacts saying that the victim was caught watching porn on their phone.
What are the future threats?
Researchers believe this malicious ransomware could easily get into the official Play Store because its developers have been careful about fooling the security checks. The app uses highly obfuscated code and Java reflection to run its payload. Because the app waits about 4 hours before executing, it evades security solutions that usually interact with a newly installed app for only a few minutes.
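The three traits described above (a device-admin prompt, reflection-driven code and a multi-hour start delay) can be checked statically before an app is ever run. The script below is an added example, not Zscaler's tooling: it triages an app from a decoded AndroidManifest.xml and a list of strings from its classes.dex; the manifest, the dex strings, the marker set and the scoring are constructed assumptions, while the Android identifiers themselves are real.

```python
"""Static triage for a repackaged app that asks for device-admin rights (added example,
not Zscaler's tooling). Inputs: decoded AndroidManifest.xml text and classes.dex strings.
Android identifiers are real; the indicator set, the weights and the samples are assumptions."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Reflection APIs of the kind the article says are used to run the hidden payload.
REFLECTION_MARKERS = ("Ljava/lang/reflect/Method;->invoke", "Ljava/lang/Class;->forName")
# Long-delay scheduling: a multi-hour wait before the first prompt outlasts a sandbox
# that exercises an app for minutes, so the scheduling APIs themselves are a signal.
DELAY_MARKERS = ("Landroid/app/AlarmManager;->set", "Ljava/lang/Thread;->sleep")

def has_device_admin_receiver(manifest_xml):
    """True if a <receiver> is guarded by BIND_DEVICE_ADMIN and handles DEVICE_ADMIN_ENABLED."""
    root = ET.fromstring(manifest_xml)
    for receiver in root.iter("receiver"):
        if receiver.get(ANDROID_NS + "permission") != "android.permission.BIND_DEVICE_ADMIN":
            continue
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        if "android.app.action.DEVICE_ADMIN_ENABLED" in actions:
            return True
    return False

def triage(manifest_xml, dex_strings):
    """Admin-rights receiver plus at least one evasion trait is the combination to flag."""
    hits = {
        "device_admin": has_device_admin_receiver(manifest_xml),
        "reflection": any(m in s for s in dex_strings for m in REFLECTION_MARKERS),
        "delayed_start": any(m in s for s in dex_strings for m in DELAY_MARKERS),
    }
    score = sum(hits.values())
    if hits["device_admin"] and score >= 2:
        verdict = "suspicious"
    elif score:
        verdict = "needs_review"
    else:
        verdict = "clean"
    return {**hits, "score": score, "verdict": verdict}

# Constructed sample: a cloned game that registers a device-admin receiver.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.clonedgame"><application>
  <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
    <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
  </receiver></application></manifest>"""
SAMPLE_DEX_STRINGS = [  # constructed, in the form a dex string dump lists them
    "Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class;",
    "Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;",
    "Landroid/app/AlarmManager;->set(IJLandroid/app/PendingIntent;)V",
]
```

Running `triage(SAMPLE_MANIFEST, SAMPLE_DEX_STRINGS)` returns a "suspicious" verdict with all three indicators set; a manifest without the device-admin receiver and no marker strings comes back "clean".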
Gaurav Shinde, the Zscaler analyst, said that considering the tactics used in this sample, it wouldn't be wrong to imagine that the ransomware may easily sneak into the official Google Play Store.