Ransomware Targets Android Users

Tuesday, February 2, 2016 @ 05:02 PM gHale

New Android ransomware can end up exposing the user’s browsing history.

The Lockdroid ransomware uses overlaid pop ups in order to trick victims into allowing the malicious code to gain administrative privileges on targeted devices.

Exploiting a Flaw in Ransomware
OpenSSH Flaw could Leak Private Keys
Ransomware Locks Files, Tosses Key
Ransomware Spreads Via Exploit Kit

The clickjacking attack works on devices running versions of Android prior to 5.0 (Lollipop), leaving an estimated two in three Android smartphone users at risk.

Once installed, the malware encrypts files before demanding a ransom. It posts a fake message supposedly from the U.S. Department of Justice saying they locked the mobile device after visiting sites containing illicit content but they will unlock it after paying a “fine.”

Lockdroid is also able to grab a user’s browsing history and contacts list, before threatening to expose a victim’s potentially embarrassing browsing history by forwarding it to their contacts.

Lockdroid poses as a smut surfing app called Porn O’ Mania. The malicious app is not on Google Play and may end up downloaded from third-party app stores, forums, or torrent sites, said researchers at Symantec.

Lockdroid is also capable of locking the device, changing the device PIN, and deleting user data through a factory reset.

This extended spectrum of aggressive extortion tactics end up used to force victims into paying the ransom.

Click here for more information from Symantec.