Cybersecurity researchers have discovered a new strain of Android ransomware that is reportedly able to evade all antivirus programs tested on it, making it an alarming threat to those who are vulnerable.

Detected by the Zscaler ThreatLabZ team, this ransomware targets Russian speakers, and is not equipped with any decryption functionality. This means that even if a payment is made, the device will still stay locked.

———

The threat is distributed through third-party app stores, and the cybercriminals take care to entice users into downloading it. They identify a popular app on the Google Play Store, clone it, and disassemble it. They then alter the app's behaviour by modifying its code and injecting their own malicious code. Once the app has been repackaged, it is uploaded to the third-party app store.

The ingenuity of the cybercrooks doesn't end there, however: once a victim installs the fake app, it waits four hours before it goes into action. When the time is right, it starts asking the user to grant it administrator rights, which include automatically changing the lock screen password, monitoring screen-lock attempts, auto-locking the screen, and setting the lock screen password expiration. The user can't easily dismiss the request, as doing so only makes the pop-up return until the victim agrees to grant access.
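A triage check for the administrator rights described above, as an added example that is not from the original article or the researchers. It assumes the APK's manifest and device-admin policy resource have already been decoded to plain XML; the mapping of the four listed rights to the `reset-password`, `watch-login`, `force-lock` and `expire-password` policy tags is this example's reading of the article, and the sample package and receiver names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# <uses-policies> tags for the four rights the article lists (assumed mapping).
LOCK_POLICIES = {"reset-password", "watch-login", "force-lock", "expire-password"}

def admin_receivers(manifest_xml):
    """Names of receivers that Android can activate as device administrators."""
    found = []
    for rcv in ET.fromstring(manifest_xml).iter("receiver"):
        guarded = rcv.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN"
        metas = [m.get(ANDROID + "name") for m in rcv.iter("meta-data")]
        if guarded and "android.app.device_admin" in metas:
            found.append(rcv.get(ANDROID + "name"))
    return found

def requested_lock_policies(policy_xml):
    """Lock-screen policies declared in the device-admin policy resource."""
    block = ET.fromstring(policy_xml).find("uses-policies")
    declared = {el.tag for el in block} if block is not None else set()
    return sorted(declared & LOCK_POLICIES)

def triage(manifest_xml, policy_xml):
    """Flag an app whose admin receiver asks for all four lock-screen policies.
    Legitimate device-management apps can match too, so this feeds a review queue."""
    receivers = admin_receivers(manifest_xml)
    policies = requested_lock_policies(policy_xml) if receivers else []
    return {"receivers": receivers, "policies": policies,
            "flag": set(policies) == LOCK_POLICIES}

# Constructed sample input (not taken from the real malware).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.clonedapp">
  <application>
    <receiver android:name=".LockReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/device_admin"/>
    </receiver>
  </application>
</manifest>"""
SAMPLE_POLICY = """<device-admin>
  <uses-policies>
    <reset-password/><watch-login/><force-lock/><expire-password/>
  </uses-policies>
</device-admin>"""

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_POLICY))
```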

Once the app has been given admin rights, it displays a lock screen telling the victim to pay 500 Russian rubles (equal to around $9). It even threatens that if the user doesn't pay up, the app will send a message to all their contacts saying that the user has been watching illegal adult content.

The Scary Part:

The worst part about this app is that it lacks even basic decryption functionality, which means that the phone cannot be unlocked even if the ransom is paid. Furthermore, the experts believe that the app could easily have been uploaded to the Google Play Store, because it delays execution of its malicious code.

How to Get Rid of This Ransomware?

According to the security researchers, the only way to get rid of this ransomware is to boot into safe mode, revoke the app's administrator rights, and uninstall the app.
