- Aug 17, 2014
Microsoft warned users on Thursday that it has spotted a sophisticated piece of Android ransomware that abuses notification services to display a ransom note.
Android ransomware typically allows cybercriminals to make a profit not by encrypting files — such as in the case of ransomware targeting desktop systems — but by displaying a full-screen ransom note that is difficult for the user to remove.
Microsoft says this particular Android ransomware family has been around for a while and its developers have continued to make improvements. Previous variants of the malware abused Android accessibility features or system alert windows to display the ransom note. However, Google has been taking steps to prevent abuse of these features, and some methods used by attackers can be easily spotted or bypassed by the victim.
In an effort to increase its chances of success, the latest version of the Android ransomware, which Microsoft tracks as AndroidOS/MalLocker.B, uses a new technique to display the ransom note and make it more difficult to remove. The ransomware note is usually a fake police notice informing the victim that explicit images had been found on their device and instructing them to pay a fine within 24 hours.