Microsoft Warns of Android Ransomware Abusing Notification Services

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Microsoft warned users on Thursday that it has spotted a sophisticated piece of Android ransomware that abuses notification services to display a ransom note.

Android ransomware typically allows cybercriminals to make a profit not by encrypting files — such as in the case of ransomware targeting desktop systems — but by displaying a full-screen ransom note that is difficult for the user to remove.

Microsoft says this particular Android ransomware family has been around for a while and its developers have continued to make improvements. Previous variants of the malware abused Android accessibility features or system alert windows to display the ransom note. However, Google has been taking steps to prevent abuse of these features, and some methods used by attackers can be easily spotted or bypassed by the victim.

In an effort to increase its chances of success, the latest version of the Android ransomware, which Microsoft tracks as AndroidOS/MalLocker.B, uses a new technique to display the ransom note and make it more difficult to remove. The ransomware note is usually a fake police notice informing the victim that explicit images had been found on their device and instructing them to pay a fine within 24 hours.
Microsoft has published a blog post with technical details on how the malware works and how organizations can protect themselves against such threats.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Microsoft says that it sees the ransomware mostly being distributed by attackers in online forums and through random webpages rather than official channels. They typically market the malware by making it look like other popular apps, video players, or games to entice downloads. And though there have been some early examples of iOS ransomware, this is still far less common—similar to how Mac ransomware is still relatively rare. Microsoft shared the research with Google prior to publication, and Google emphasized to WIRED that the ransomware was not found in its Play Store.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Microsoft need a consumer-friendly version of their Defender for Android users.

Their partnership with Samsung, would hugely boost usage of Microsoft apps on the Google platform.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top