News

Ransomware attacks Android devices with $500 fee

If a user tries to unlock their device without paying a fee, the ransom increases to $1500

29 May 2015

Bitdefender has uncovered a scam email campaign that locks Android devices and demands a $500 (330) release fee if users download the malware to their devices. If a user tries to unlock the device without paying the fee, it rises to $1500 (980).

The bug used to infiltrate systems is known as Android.Trojan.SLocker.DZ, which is one of the most widely-used tools to demand fees from Android users.

Bitdefender found more than 15,000 spam emails containing zipped files that claim to be an update for Adobe Flash Player. When a user clicks on the email attachment, the malware is downloaded and installed as a video player. When a user attempts to use the player, they see an FBI warning which they cannot close.

Catalin Cosoi, chief security strategist at Bitdefender explained: "The device's home screen delivers an alarming fake message from the FBI telling users they have broken the law by visiting pornographic websites. To make the message more compelling, hackers add screenshots of the so-called browsing history. The warning gets scarier as it claims to have screenshots of the victims' faces and know their location."

In this case, the source of the malware has been traced to .edu, .com, .org and .net domain servers, but it's not clear from where the attack originates.

Cosoi warned: "Unfortunately, there is not much users can do if infected with ransomware, even if this particular strain does not encrypt the files on the infected terminal. The device's home screen button and back functionalities are no longer working, and turning the device on/off doesn't help either, as the malware runs when the operating system boots."

He recommends that if users have Android Data Bridge enabled, they uninstall the application if they are able to find it on their device. Otherwise, they can start the device in Safe Boot mode, allowing the application to be uninstalled.