Difficult Android Ransomware Locks In

Monday, July 21, 2014 @ 02:07 PM gHale

A new scareware with ransomware capabilities can lock an Android mobile phone completely.

The malware poses as a legitimate app a user can download from third-party Android software repositories, and asks for administrator privileges.

Once it obtains the elevated permissions, it automatically locks the phone with a ransom message purporting to be from the FBI. Access to data or any function of the device is restricted, making the device inoperable.

Navigating to a different app is not possible because the malicious app, which Lookout researchers named ScarePakage, uses a Java TimerTask to kill any processes unrelated to the malware every ten milliseconds, the security firm said.

In addition, the attackers integrated a wake lock mechanism, which tells Android the app needs to stay on and so prevents the phone from entering sleep mode.

The ransom message displayed on the screen purports to be from the FBI and informs the user the lock was enabled because of violations of United States federal laws that prohibit visiting online locations that provide pornographic content involving children or animals, as well as child abuse and spamming.

Lookout said the victim is “fined” several hundred dollars, payable via a MoneyPak voucher, in order to unlock the device.

According to the security researchers, the malicious app masquerades as an Adobe Flash package, and in some cases, as an antivirus solution which even starts a scan of the device. Of course, the verification is fake, and as soon as it completes, the lock goes straight onto the phone.

Restarting the device does not disable the ransomware because “a boot receiver class resumes ScarePakage’s takeover of your device immediately, shutting down all other processes that the user interacts with,” said Meghan Kelly on the Lookout blog.

One precaution that could prevent infection by this malicious app is to avoid downloading packages from sources outside the Google Play Store.

Another is to not give administrator privileges to apps not verified as coming from trusted developers. ScarePakage does not need to root the phone in order to render it inoperable; it only needs elevated privileges.


