Express Computer

Microsoft discovers most dangerous mobile Android ransomware


Microsoft has discovered a sophisticated mobile Android ransomware with novel techniques and behaviour, evading many available protections and registering a low detection rate against security solutions.

Called AndroidOS/MalLocker.B, the mobile ransomware is the latest variant of a ransomware family that’s been in the wild for a while but has been evolving non-stop.

“This ransomware family is known for being hosted on arbitrary websites and circulated on online forums using various social engineering lures, including masquerading as popular apps, cracked games, or video players,” Dinesh Venkatesan from the Microsoft Defender Research team said in a security blog post on Thursday.

As with most Android ransomware, this new threat doesn’t actually block access to files by encrypting them.

Instead, it blocks access to devices by displaying a screen that appears over every other window, such that the user can’t do anything else.

“The said screen is the ransom note, which contains threats and instructions to pay the ransom,” Microsoft said.

This new mobile ransomware variant is an important discovery because the malware exhibits behaviours that have not been seen before and could open doors for other malware to follow.

“It reinforces the need for comprehensive defense powered by broad visibility into attack surfaces as well as domain experts who track the threat landscape and uncover notable threats that might be hiding amidst massive threat data and signals,” Microsoft researchers explained.

In the past, Android ransomware used a special permission called “SYSTEM_ALERT_WINDOW” to display its ransom note.

Apps that have this permission can draw a window that belongs to the system group and can’t be dismissed.

No matter what button is pressed, the window stays on top of all other windows.

“The notification was intended to be used for system alerts or errors, but Android threats misused it to force the attacker-controlled UI to fully occupy the screen, blocking access to the device. Attackers create this scenario to persuade users to pay the ransom so they can gain back access to the device,” Microsoft explained.

To adapt, Android malware evolved to misuse other features, but these aren’t as effective.

“The new Android ransomware variant overcomes these barriers by evolving further than any Android malware we’ve seen before”.

Microsoft Defender for Endpoint on Android, now generally available, extends industry-leading endpoint protection to Android.

The company said that it detects this ransomware (AndroidOS/MalLocker.B), as well as other malicious apps and files using cloud-based protection powered by deep learning and heuristics, in addition to content-based detection.

–IANS
