New Wave of Android Ransomware Lurks Behind FBI Porn Warning, Bitdefender Warns

Thousands of Android users are at risk of having their mobile devices and private content locked by a particularly ruthless ransomware that demands $500 to restore access to their smartphone, according to anti-malware provider Bitdefender.

A fresh strain of spam emails containing malicious .apk files has hit inboxes of Android users in the last few days. Bitdefender has detected over 15,000 spam emails, including zipped files, originating from servers located in Ukraine.

Posing as an Adobe Flash Player update, the malware downloads and installs as an innocent Video Player. When the user tries to run it, a fake error message is displayed.

After pressing “OK” to continue, users see an FBI warning, and cannot escape by navigating away. The device’s home screen delivers an alarming fake message from the FBI telling users they have broken the law by visiting pornographic websites. To make the message more compelling, hackers added screenshots of the so-called browsing history.

The warning gets scarier, as it claims to have screenshots of the victims’ faces and know their location.

To provide the decryption key necessary to restore device access, the hackers demand $500. However, if users try to “independently unlock” their devices, the amount triples to $1,500. To pay the fee, users are told to use Money Pak and PayPal My Cash transfers.

Bitdefender detects the threat as Android.Trojan.SLocker.DZ. This is one of the most prevalent Android ransomware families as the authors regularly create new variants. Bitdefender’s internal telemetry shows multiple versions of this malware family, bundled with spam messages originating from different .edu, .com, .org and .net domain servers.

Safety recommendations for users

Unfortunately, there is not much you can do if infected with ransomware, even if this particular strain does not encrypt the files on the infected terminal. The device’s home screen button and back functionalities are no longer working, and turning the device on/off doesn’t help either, as the malware runs when the operating system boots.

In certain circumstances, Android users can reclaim control of their devices. If you have ADB (Android Debug Bridge) enabled on your infected Android device, you can programmatically uninstall the offending application.
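The ADB recovery path described above, as an added example that is not Bitdefender's own tooling: it lists third-party packages on the attached device that were not installed by the Play Store, so the owner can review them and uninstall the offending one. It assumes USB debugging was already enabled and that the ransomware shows up as a sideloaded package; the installer check is a heuristic, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Requires the Android platform tools (adb) on the computer
# and USB debugging already enabled on the phone.

# Read `pm list packages -3 -i` output on stdin and print the third-party
# packages whose installer is not the Play Store (com.android.vending),
# i.e. apps that arrived as a sideloaded .apk.
sideloaded_packages() {
    tr -d '\r' | while IFS= read -r line; do   # adb output may carry CR
        case "$line" in
            package:*) ;;
            *) continue ;;                      # skip warnings and blank lines
        esac
        rest=${line#package:}
        pkg=${rest%% *}                         # package name ends at first space
        installer=${line##*installer=}
        [ "$installer" = "$line" ] && installer=unknown   # no installer field
        [ "$installer" = "com.android.vending" ] && continue
        printf '%s\n' "$pkg"
    done
}

# List sideloaded candidates on the attached device for manual review.
list_candidates() {
    adb shell pm list packages -3 -i | sideloaded_packages
}

# Uninstall one package picked from the reviewed list.
remove_package() {
    case "$1" in
        ''|*[!A-Za-z0-9._]*) echo "invalid package name" >&2; return 2 ;;
    esac
    adb uninstall "$1"
}

# Typical session, typed by hand after sourcing this file:
#   list_candidates
#   remove_package <package.name.from.the.list>
```

Review the list before removing anything: legitimately sideloaded apps appear in it as well.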

Also, if your mobile device supports it, start the device in Safe Boot. This option loads a minimal Android configuration and prevents the malware from running, which can buy you enough time to manually uninstall the malware.

However, prevention is key. Here is a useful list of recommendations for users:

  • Never install applications from untrusted sources. Android blocks the installation of applications outside the Play Store by default, but there are instances when users are forced to change the settings (e.g. when using third-party Android markets). If possible, leave this option in its default state.
  • Regularly back up your data in the cloud or on an external drive.
  • Use an anti-malware solution for your Android device and keep it constantly updated and able to perform active scanning.
  • Follow good internet practices; avoid questionable websites and links or attachments in emails from uncertain sources.
  • Use a filter to reduce the number of infected spam emails that reach your inbox.

This article is based on the technical information provided courtesy of Bitdefender Senior Antispam Researcher Adrian MIRON, Malware Researchers Alin BARBATEI and Vlad ILIE.

About the author

Alexandra GHEORGHE
