These days, we see an increasing number of new pieces of ransomware for Android devices. They adopt new social engineering, communication and encryption techniques, such as the use of Tor and stronger encryption algorithms (RSA-1024 and even elliptic curve cryptography). However, the majority of Android cryptolockers are simple enough to be disassembled and reused to restore the encrypted data. Simple reverse engineering techniques can be used to disassemble and patch the cryptolocker; as a result, it can be turned into a crypto unlocker that decrypts the user's encrypted files on the SD card.

Android Ransomware Overview

Android ransomware has become popular among malware writers, who use social engineering techniques and suspicious app stores to publish their applications in order to infect users. While in Windows a huge variety of blockers have been doing the rounds for the last decade, in Android they have come into play only during the last few years. Let us take a look at the evolution of this threat, how it has been growing over the last several years, and whether there are any samples we should be worried by so far.

The first sample of Android ransomware to be discovered was dated 2012 and called Reveton FBI or Police Locker. The malware shows a fake police warning that asks the victim to pay $200 within 48 hours for copyright offences.

Another example of police ransomware comes from 2014: Koler was supposedly created by the same team as Reveton. It works using the same scheme, demanding that the victim pay a ransom of $100–$300 via Ukash and PaysafeCard in order to unlock the infected device. In addition, the Koler campaign has a comprehensive infrastructure to distribute itself through a specially crafted network of porn sites made with the help of the WebLoader service. For Windows visitors specifically, Koler was backed by the Angler exploit kit, which targets vulnerabilities in Silverlight, Adobe Flash and Java when the victim is browsing with Internet Explorer.

FakeDefender was discovered in 2013 and described by researchers from Symantec and Fortinet. It is a simple example of the FakeAV class of malware that is well known among Windows users. The same trick works well on the Android platform: the victim is urged to buy a fake anti-malware app in order to remove malicious programs that have allegedly been found on the device. However, payment does not fix the supposed problem, and even worse, it leads to the leakage of the victim's credit card details.

Figure 1: Screenshots of the Android Defender FakeAV.

Finally, the class of cryptolockers is represented by the widespread SimpleLocker family, which encrypts data on the SD card and demands a ransom in order to get it back. We will analyse this in the next section.

To begin Android reverse engineering you will need the following tools on a Windows machine: Android SDK, dex2jar, apktool, Java Decompiler, and an archiver.

First, I suggest starting an emulator and launching SimpleLocker (MD5: fd694cf5ca1dd4967ad6e8c67241114c) to see how it works. Snapshot the emulator before installing anything, so the infection can be replayed from a clean state. To verify its supposed functionality we need to copy a picture or document to the SD card, so that the cryptolocker has something to encrypt, via Android Debug Bridge (adb):

adb push pic.png /sdcard/Pictures/

Then we install the malware:

adb install Android_ransom.apk
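What "patching the cryptolocker into a crypto unlocker" looks like in practice, as an added example that is neither the author's code nor SimpleLocker's: a Java class with the locker's file-encryption routine beside the decryptor obtained by reusing the same key derivation and IV and switching the cipher to decrypt mode. The password string, the SHA-256 key derivation, AES in CBC mode with an all-zero IV and the ".enc" suffix are assumptions made for this example; in a real case each of them is read off the decompiled class (after apktool, dex2jar and Java Decompiler) and substituted here.

```java
// Added example: a minimal cryptolocker turned crypto unlocker. This is NOT
// SimpleLocker's code. The cipher construction (AES-256-CBC, key = SHA-256 of a
// hard-coded password, zero IV, ".enc" suffix) and the password below are
// assumptions for the example, to be replaced with values recovered from the
// decompiled sample.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CryptoUnlocker {
    // Hypothetical placeholder; a real locker's string is found in the decompiled class.
    private static final String HARDCODED_PASSWORD = "hypothetical-hardcoded-key";
    private static final String ENC_SUFFIX = ".enc";

    // Key derivation shared by locker and unlocker: only the cipher mode differs.
    static SecretKeySpec deriveKey(String password) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return new SecretKeySpec(digest, "AES");            // 32 bytes -> AES-256
    }

    static byte[] run(int mode, byte[] data) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(mode, deriveKey(HARDCODED_PASSWORD), new IvParameterSpec(new byte[16]));
        return cipher.doFinal(data);
    }

    // What the locker does: pic.png -> pic.png.enc, original removed.
    static Path lock(Path plain) throws IOException, GeneralSecurityException {
        Path enc = plain.resolveSibling(plain.getFileName() + ENC_SUFFIX);
        Files.write(enc, run(Cipher.ENCRYPT_MODE, Files.readAllBytes(plain)));
        Files.delete(plain);
        return enc;
    }

    // The patch: same key, same IV, DECRYPT_MODE instead of ENCRYPT_MODE, suffix stripped.
    static Path unlock(Path enc) throws IOException, GeneralSecurityException {
        String name = enc.getFileName().toString();
        if (!name.endsWith(ENC_SUFFIX)) {
            throw new IllegalArgumentException("not a locked file: " + name);
        }
        Path plain = enc.resolveSibling(name.substring(0, name.length() - ENC_SUFFIX.length()));
        Files.write(plain, run(Cipher.DECRYPT_MODE, Files.readAllBytes(enc)));
        Files.delete(enc);
        return plain;
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0) {                              // unlock files given on the command line
            for (String arg : args) {
                System.out.println("restored " + unlock(Paths.get(arg)));
            }
            return;
        }
        // Self-test on a constructed sample file (not a real PNG).
        Path dir = Files.createTempDirectory("sdcard-pictures");
        Path pic = dir.resolve("pic.png");
        byte[] original = "constructed sample: not a real PNG".getBytes(StandardCharsets.UTF_8);
        Files.write(pic, original);

        Path locked = lock(pic);
        System.out.println("locked:   " + locked.getFileName() + " (" + Files.size(locked)
                + " bytes, block aligned: " + (Files.size(locked) % 16 == 0) + ")");

        Path restored = unlock(locked);
        boolean intact = Arrays.equals(original, Files.readAllBytes(restored));
        System.out.println("restored: " + restored.getFileName() + " intact=" + intact);
        if (!intact) {
            throw new IllegalStateException("decryption produced different bytes");
        }
    }
}
```

Run it with no arguments for the self-test; with file paths (for instance files pulled back from the emulator with adb pull /sdcard/Pictures/pic.png.enc .) it restores each one in place. Work on copies: a wrong key or IV produces a BadPaddingException or garbage rather than the original, so keep the .enc files until the restored output opens correctly.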