Wednesday, October 22, 2014

Android Ransomware Spreading via SMS

From Eskenzi PR Ltd:

Following the news that a Koler worm is spreading via SMS and holding Android phones for ransom  Mark James, security specialist at  ESET, explains how the attack works and how to get rid of it:

"The natural progression from desktop to mobile device for ransomware was going to pick up momentum at some point and sure enough, we are seeing more and more cases of malware on the mobile platforms (Android). The biggest factor in this is people's assumption that they are safe on a mobile.
"In this particular case, an SMS is used for the initial contact - which in itself can lure a level of trust that emails do not have - if the masked (truncated) link is followed by a page that will display some kind of tasty treat for free (that may include a free service or free app) which once installed will contain the malware, ransom screens are then presented on your device with no apparent way to get rid of them. These often will use such words as "child pornography" designed to scare the individual into paying the ransom to have it removed.
"Removing these type of infections is often very simple and can be done by either booting into safe mode (internet searches will often yield many results on how to do this yourself) and uninstalling the offending application (or the last installed app if you don’t remember the name) or as a last resort, factory resetting the device and restoring from your last good backup ( maybe 1 or 2  days prior to be safe ). The best advice I can give here is DO NOT install any apps from third party websites or links, both Apple and Google Play are by no means 100% safe but they are a lot safer than using a random website to install apps."

Related Books:

Android Malware and Analysis by Ken Dunham and Friends

Android Security: Attacks and Defenses by Anmol Misra and Abhishek Dubey