The Inquirer-Home

Cryptolocker ransomware hits Android smartphones and tablets via fake porn app

Bricks your phone and demands you pay $300 to unlock it
Fri May 09 2014, 16:10

A VARIANT of the Cryptolocker ransomware that plagued PC users over the last year by encrypting critical computer files and demanding cash to unlock them has hit Android devices.

Uncovered by a well-known security researcher who goes by the handle Kafeine on the blog Malware Don't Need Coffee, the new strain infects a victim's Android device when they visit a malicious domain that redirects them to a pornography website, where the criminals then use social engineering to trick users into downloading a malicious file.

The dodgy file tells the Android mobile operating system that it is a pornography app, but once opened the user's phone will be bricked and something along the lines of the following message will appear:

"Have you been looking at child pornography on your Android phone?! Quick, pay this fine or the FBI will arrest you!"

"The locker is kind of effective," Kafeine writes in the post. "You can go on your homescreen but nothing else seems to work. Launching [the] Browser, calling Apps, or 'list of active task' will bring the Locker back."

The malware effectively holds phones and tablets to ransom, informing the user via the message that he or she could potentially face a five to 11 year jail sentence unless they pay a $300 fine via Moneypak.

Cryptolocker first came to prominence in the latter half of 2012 when it was being used to blackmail computer users for Bitcoins as opposed to cash. It is fairly honest with its victims about what its intentions are, whereas many varieties of ransomware present their victims with warnings purporting to come from law enforcement.

In this case, Cryptolocker comes in different forms according to the country in which it is acquired, so it changes the text according to the user's location. For example, it will display "Metropolitan Police" in the UK instead of "FBI" in the US.

Last December, Dell's security research team revealed that Cryptolocker had managed to infect up to 250,000 devices, stealing almost $1m in Bitcoins, or about £600,000.

"Based on the presented evidence, researchers estimate that 200,000 to 250,000 systems were infected globally in the first 100 days of the CryptoLocker threat," Dell said in a Secureworks post.

The firm worked out that if the Cryptolocker ransomware threat actors had sold the 1,216 total Bitcoins (BTC) that they collected in September 2013 immediately upon receiving them, they would have made off with nearly $380,000.

Security firm Kaspersky said in a blog post that the development is "unsurprising, considering Android's market share" and the increase in malware samples targeting Android devices. µ

 
