Microsoft warns of a new form of mobile ransomware that uses incoming calls and Android's Home button to lock the device behind a ransom screen.
Discovery Ransomware Android
The newly discovered Ransomware is related to a variant of a well-known Android Ransomware family called “MalLocker.B” which has now resurfaced with a new technique. The purpose of the newfound Ransomware is to make ransom demands on infected devices by making your device unusable through obfuscation mechanism. The development is due to a huge increase in Ransomware attacks on critical infrastructure in various sectors. with a 50% increase, the daily average of Ransomware attacks over the last three months compared to the first half of the year. Cybercriminals are increasingly incorporating double extortion into their playbook.
MalLocker as Ransomware
MalLocker is known for being hosted on malicious websites and distributed on online forums using various kinds of social engineering by impersonating popular apps, cracked games or video players.
Previous cases of Android Ransomware abused Android accessibility features or permission called “SYSTEM_ALERT_WINDOW” to display a permanent window on top of all other screens to show you the ransom window. This screen will usually pretend to be fake police messages or warn about supposedly finding explicit images on your private device. But just when anti-malware software started detecting this behavior, the new Android Ransomware variant has changed its approach to overcome this barrier.
MalLocker new technique
MalLocker.B uses a new tactic where they permanently freeze your screen on a blackmail screen and keep it that way until payment is completed. In order to do this, the new Ransomware variant uses the 'call' notification which is used to alert the user of incoming calls to display a window that covers the entire area of the screen. This calling screen is then combined with a Home or Recents key to activate the ransom screen and bring it to the forefront.
In an effort to mask its true purpose, the Ransomware code is heavily hidden and rendered unreadable by name-mangle. In this way, there is deliberate use of meaningless variable names and unwanted code to thwart analysis. ”
This new mobile Ransomware variant is an important discovery, because this malware behavior has not been seen before and who knows, it could open even more doors for other malware.” According to Microsoft 365 Defender Research Team.
How do I protect my phone against Ransomware?
Flexamedia offers an internet security app to counter this kind of maliciousness. Do you want more information about this? Then take it without obligation contact us.
