IT Security Guru

Ransomware hits Android mobiles

by The Gurus
May 8, 2014
in Editor's News

Mobile malware which locks Android users out of their device and demands a ransom payment has been detected.
 
According to research by Bitdefender, the Reveton or IcePol ransomware displays a bogus message that claims to be from the police and says you have been monitored accessing child abuse websites. The malware, identified as Android.Trojan.Koler.A, is delivered automatically while the victim is browsing malicious pornographic sites.
 
“As the user browses, an application that claims to be a video player used for premium access to pornography downloads automatically,” it said. “Unlike the Windows-based Reveton that is delivered via zero-interaction exploits, Koler.A still requires the user to enable sideloading and manually install the application.”
 
As well as locking down the device, it disables the back button. After returning to the home screen, the user has five seconds to uninstall the APK before a timer brings the malicious application back to the foreground. This goes on every five seconds until you pay the ransom.
 
Bitdefender said that even though the message claims the stored data is encrypted, the application does not have the permissions it needs to touch files.
 
Malwarebytes researcher Armando Orozco said: “The good news is you don’t have to pay the ransom to remove. However, at times there are race conditions where Koler’s page is up and has control of the screen or you might not have a security tool installed. You can try the traditional method of going to the app tray and dragging the icon to the Uninstall/Remove area, but you have a limited amount of time before Koler resurfaces.”
 
Malwarebytes security researcher Christopher Boyd said: “Ransomware is particularly effective at generating cash for criminals and scammers because it mixes social engineering with fear highly effectively. It has been seen on Android since at least 2013, however a new wave is always worth noting as it is particularly effective at generating cash for scammers because it mixes social engineering with fear highly effectively.
 
“Adding in geo-location only serves to reinforce this and therefore it could become a real money-spinner, which is why raising consumer awareness is important. As Android users are so abundant, it is always the most likely candidate for any scam looking to migrate to mobile.”
 
Bitdefender said that the malware controller will have your IMEI on file by the time you see the message, but that Koler.A can be easily removed by either pressing the home screen and navigating to the app, then dragging it on the top of the screen where the uninstall control is located, or by booting the device in safe mode and then uninstalling the app.
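Because Koler.A has to be sideloaded, the installer recorded for each third-party app is a quick triage signal when looking for the package to uninstall. The script below is an added example, not code from the article or from Bitdefender; the package names and listing are constructed, and treating Google Play (`com.android.vending`) as the only trusted installer is an assumption.

```shell
#!/bin/sh
# Added example: flag sideloaded apps from `pm list packages -3 -i` output.
# Assumption: Google Play (com.android.vending) is the only trusted installer.
TRUSTED_INSTALLERS="com.android.vending"

# Constructed sample of `adb shell pm list packages -3 -i` output (not real data).
sample_listing() {
cat <<'EOF'
package:com.example.mail  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.filetool  installer=com.android.packageinstaller
EOF
}

# Read a listing on stdin; print each package whose installer is not trusted.
sideloaded_packages() {
    while read -r pkg inst; do
        pkg=${pkg#package:}
        inst=${inst#installer=}
        [ -n "$pkg" ] || continue
        case " $TRUSTED_INSTALLERS " in
            *" $inst "*) ;;                 # installed by a trusted store
            *) printf '%s\n' "$pkg" ;;      # sideloaded or unknown origin
        esac
    done
}

# On a device with USB debugging enabled (an assumption), feed it live data:
#   adb shell pm list packages -3 -i | tr -d '\r' | sideloaded_packages
#   adb uninstall <package>      # after reviewing the flagged list
sample_listing | sideloaded_packages
```

A flagged package is only a candidate: legitimately sideloaded apps appear in the same list, so review it before uninstalling anything.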
 
“Its functionality is very limited, but the APK code is highly obfuscated, either to deter analysis, or to prevent a wannabe cyber criminal from modifying the binary and using it for their own profit,” it said.
 
“The Android version of Icepol might be a test-run for cyber-criminals to see how well this type of scam can be monetised on mobile platform. If this is the case, we should expect much more sophisticated strains of ransomware, possibly capable of encrypting files, to emerge shortly.”
 
Michael Sutton, director of security research at Zscaler, told IT Security Guru that ransomware is growing in popularity, although Koler is really ‘fake ransomware’.
 
He said: “Unlike the more popular Cryptolocker, which impacts PCs and does actually encrypt private files until a ransom is paid, Koler is simply purporting to have encrypted files, but would not have adequate permissions to do so. The victim can simply uninstall the program.
 
“Koler is also a pure social engineering attack, simply tricking the user into installing the application. In short, it’s not a particularly sophisticated piece of malware. It’s new and I do not expect it to become a major threat, given the lack of sophistication but it may also be a first step to experiment in the Android space, leveraging a technique that has been rather profitable in the PC world.”
