Microsoft, the American multinational tech giant, has recently discovered a sophisticated piece of Android mobile ransomware that shows novel behavior and techniques. It evades many available protections and registers a very low detection rate against security solutions. This mobile ransomware, called AndroidOS/MalLocker.B, is very dangerous. It is the latest variant of a ransomware family that has been in the wild for some time but has been evolving non-stop.
More About The Ransomware:
Microsoft Defender Research team member Dinesh Venkatesan told me about this in a security blog on Thursday. He says,
“This ransomware family is popular for hosting arbitrary websites. It is circulating everywhere. It pretends to be various popular apps, cracked games, or video players. This threatening ransomware doesn’t actually block access to files. It doesn’t encrypt files like various other Android ransomware. Rather, it displays a screen that appears over every other window and thus blocks access to devices. It makes users incapable of doing anything else.”
Microsoft said, “The screen has a ransom note, including threats and instructions to pay the ransom.”
This new mobile ransomware variant is a crucial discovery because it shows behaviors that have not been seen before. It could open the door for other malware to follow the same path.
“It supports the need for comprehensive defense with a strength of broad visibility inside the attack surfaces. We also need domain experts who track the threat landscape and search for notable threats. It is possible that they might be hiding amidst massive threat data and signals,” Microsoft researchers explained.
Earlier Android ransomware used a special permission called “SYSTEM_ALERT_WINDOW” to display its ransom note. Apps with this permission can create a window that belongs to the system group and is not dismissible. No matter what button you press, that window stays on top of all other windows.
“This window was intended to notify of system alerts or errors, but Android threats misused it. It forces the UI controlled by the attacker to fully occupy the screen, which blocks access to the device. Ransomware creates this situation to force users to pay the ransom to get back access to the device,” Microsoft explained.
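A defender-side triage for the permission described above, as an added example that is not taken from Microsoft's write-up: it scans decoded AndroidManifest.xml text for a request of android.permission.SYSTEM_ALERT_WINDOW and reports manifests it cannot parse instead of passing them silently. The package names and manifests are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
# Both element names can declare a permission request in a manifest.
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
# Constructed sample manifests (text XML, as a decoder such as apktool emits); not real apps.
SAMPLE_MANIFESTS = {
    "com.example.videoplayer": _HEAD % "com.example.videoplayer"
        + '<uses-permission android:name="android.permission.INTERNET"/>'
        + '<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>'
        + "<application/></manifest>",
    "com.example.notes": _HEAD % "com.example.notes"
        + '<uses-permission android:name="android.permission.INTERNET"/>'
        + "<application/></manifest>",
    # Truncated on purpose: the closing tag is missing.
    "com.example.truncated": _HEAD % "com.example.truncated"
        + '<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>',
}


def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    for tag in PERMISSION_TAGS:
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def audit_overlay(manifests):
    """Return (label, verdict) for every manifest that needs a closer look."""
    findings = []
    for label, xml_text in manifests.items():
        try:
            permissions = requested_permissions(xml_text)
        except ET.ParseError:
            findings.append((label, "unparseable"))  # review by hand
            continue
        if OVERLAY in permissions:
            findings.append((label, "overlay-requested"))
    return findings


if __name__ == "__main__":
    for label, verdict in audit_overlay(SAMPLE_MANIFESTS):
        print(label, verdict)
```

Legitimate apps also request this permission, so a hit is a reason to review the app and its source, not a verdict on its own.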
This Android malware evolved to misuse other features, but these aren’t as powerful. Microsoft says that its Defender detects AndroidOS/MalLocker.B as well as other malicious apps and files, using cloud-based protection strengthened by deep learning and heuristics, along with content-based detection.