Android Ransomware on Rise: Report

Tuesday, February 28, 2017 @ 02:02 PM gHale

Almost 40 million attacks by malicious mobile software occurred on Android-based devices, researchers said.

On top of that, the amount of malicious installation packages was three times larger than the previous year, amounting to over 8.5 million, according to a report from Kaspersky Lab. 

Remove Admin Rights, Cure Microsoft Issues
Infecting Ladder Logic Can Beat a PLC
Oil and Gas Security ‘Not Keeping Pace’
ARC: Open, Secure Systems Moving Forward

Attacks by malicious mobile software ended up recorded in over 230 countries and territories with Bangladesh taking the top spot with over 50 percent of users affected, according to the Mobile Malware Evolution 2016 report from Kaspersky. The list continues with Iran, Nepal, China, Indonesia, all with over 40 percent of users affected. Algeria, Nigeria, Philippines, India and Uzbekistan follow next.

Based on the number of detected installation packages, RiskTool was the most widespread malware type in 2016. AdWare follows next, Trojan-SMS, Trojan-Dropper, and a regular Trojan complete the top 5.

Kaspersky further detected nearly 129,000 malicious banking Trojans, as well as over 261,000 mobile ransomware Trojans.

“The year’s most prevalent trend was Trojans gaining super-user privileges. To get these privileges, they use a variety of vulnerabilities that are usually patched in the newer versions of Android,” researchers said in the report.

By gaining root privileges, these Trojans have almost unlimited possibilities. They can secretly install other advertising apps, display ads, install third-party software, and they can even buy apps on Google Play.

The modular Trojan Backdoor.AndroidOS.Triada was one of the most widespread, researchers said. It modified the Zygote processes, allowing it to remain in the system, alter texts sent by other apps, making it even possible to steal money from the owner of the device. Apps carrying this class of malicious software were in the Google Play app store. One app, for instance, called Guide for Pokemon Go New ended up detected as and victims downloaded it over half a million times.

Google Play continues to be the target of cybercriminals trying to pass their apps as legitimate. In October and November alone, Kaspersky detected 50 new apps infected by Adware.

“Google Play was used to spread Trojans capable of stealing login credentials,” Kaspersky researchers said. “One of them was Trojan-Spy.AndroidOS.Instealy.a which stole logins and passwords for Instagram accounts. Another was Trojan-PSW.AndroidOS.MyVk.a: it was repeatedly published in Google Play and targeted user data from the social networking site VKontakte.”

One of the major threats against Android users was ransomware. Mobile ransomware has been spreading like wildfire. While the original ransomware tools used against mobile users encrypted user data and demanded money to decrypt them, ransomware now takes things a step further and makes it impossible to use the device.

Ransom.AndroidOS.Fusob was the most popular mobile ransom program in 2016, mostly attacking users in Germany, the United States, and the United Kingdom, researchers said. Regularly, attackers demand somewhere between $100 and $200 to unlock a device, mostly paid either via codes from pre-paid iTunes cards or via BitCoin.

Leave a Reply

You must be logged in to post a comment.