IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Kiwis warned to watch out for mobile ransomware
Thu, 31st Jul 2014

Mobile device users are being warned to be vigilant for mobile ransomware, with reports of a steady increase in the malicious software in recent months.

Security company Fortinet says ransomware threats have been 'big' on mobile phones this year, from the emergence of the first variant targeting iOS devices to the first Android variant that encrypts phone data.

Ransomware is a type of malware that restricts usage of an infected device, demanding payment in order for the device to be freed again.

This week a ransomware campaign using the Koler malware reportedly hit thousands of Android users worldwide, displaying a phony law enforcement message and demanding up to US$300 to unlock the device.

Ruchna Nigam, Fortinet FortiGuard Labs security researcher, says hackers have found a new lucrative target in mobile handsets.

“The public needs to become more security-aware, and take more measures to prevent their handsets from becoming conduits of monetary and information loss.”

Nigam's top tips to guard against mobile ransomware are:

* Have a functional antivirus software on your phone. This should prevent or at least warn against installation of infected applications.

* Always install applications from trusted sources and developers. If in doubt, user comments can help gauge the legitimacy of an application.

* iPhone and iPad users should activate and set passcodes on their device. This forces the use of that passcode while activating the Find My iPhone feature, thereby rendering the iCloud 'Oleg Pliss' ransomware attack ineffective.

Fortinet highlighted four mobile ransomware threats it has detected recently.

Simplocker, discovered in June, comes in the form of trojanised applications like a flash player, for example.

Fortinet says this is the first 'real' ransomware seen on Android, in the sense that it actually encrypts files with extensions like jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi and mp4, on the phone.

Even after uninstallation of the application in safe mode, files need to be decrypted to be read.
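Because Simplocker overwrites the media and document files listed above in place, a first triage step on a suspected handset's storage is to check whether each such file still begins with the header its format requires. The script below is an added example written for this article (it is not Fortinet's tooling and is not specific to Simplocker's actual file marker, which the article does not describe): it walks a directory, compares the leading bytes of every file with one of the listed extensions against that format's known signature, and flags files whose contents no longer look like their extension claims. The sample files it creates are constructed for the demonstration; real encrypted files of a different format would be judged the same way.

```python
import os
import tempfile

# File extensions the article reports Simplocker encrypting on the phone.
TARGET_EXTENSIONS = {"jpeg", "jpg", "png", "bmp", "gif",
                     "pdf", "doc", "docx", "txt", "avi", "mp4"}

# (offset, expected bytes) for formats with a fixed file signature.
# txt has no signature and is handled by a UTF-8 decode check instead.
SIGNATURES = {
    "jpeg": [(0, b"\xff\xd8\xff")],
    "jpg":  [(0, b"\xff\xd8\xff")],
    "png":  [(0, b"\x89PNG\r\n\x1a\n")],
    "bmp":  [(0, b"BM")],
    "gif":  [(0, b"GIF87a"), (0, b"GIF89a")],
    "pdf":  [(0, b"%PDF-")],
    "doc":  [(0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")],   # OLE2 container
    "docx": [(0, b"PK\x03\x04")],                          # ZIP container
    "avi":  [(0, b"RIFF")],
    "mp4":  [(4, b"ftyp")],                                # ISO BMFF 'ftyp' box
}


def classify(path):
    """Return 'ok', 'suspect' or 'skipped' for a single file.

    'suspect' means the extension is one Simplocker targets but the
    leading bytes do not match that format, which is what a file looks
    like after it has been encrypted in place.
    """
    ext = os.path.splitext(path)[1].lstrip(".").lower()
    if ext not in TARGET_EXTENSIONS:
        return "skipped"
    with open(path, "rb") as fh:
        head = fh.read(16)
    if ext == "txt":
        try:
            head.decode("utf-8")
            return "ok"
        except UnicodeDecodeError:
            return "suspect"
    for offset, sig in SIGNATURES[ext]:
        if head[offset:offset + len(sig)] == sig:
            return "ok"
    return "suspect"


def triage(root):
    """Walk `root` and map each targeted file (relative path) to its verdict."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict != "skipped":
                results[os.path.relpath(full, root)] = verdict
    return results


def build_sample_tree():
    """Constructed sample storage: intact files beside 'encrypted' look-alikes."""
    root = tempfile.mkdtemp(prefix="simplocker_triage_")
    intact = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "notes.txt": b"meeting at 10",
        "clip.mp4":  b"\x00\x00\x00\x18ftypmp42",
        "scan.pdf":  b"%PDF-1.4\n",
        "readme.md": b"# not a targeted extension",
    }
    for name, data in intact.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    # Constructed stand-ins for encrypted files: same extension, but the
    # contents are opaque bytes with no valid header (0x80.. is never valid
    # as the first byte of UTF-8 either, so the txt case is caught too).
    opaque = bytes(range(0x80, 0x90))
    for name in ("encrypted.jpg", "encrypted.txt", "encrypted.pdf"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(opaque)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for rel_path, verdict in sorted(triage(sample_root).items()):
        print(f"{verdict:8s} {rel_path}")
```

A matching header only says the file has not been overwritten; it does not prove the rest of the file is intact, so the check is a fast way to find the set of files that need recovery rather than a guarantee that the others are clean. On a real device the storage would be imaged and the script pointed at the mounted image rather than at the live handset.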

Cryptolocker for mobile, discovered in May, disguises itself as a fake BaDoink video downloader application. The malware doesn't cause any damage to the phone data, but does display a locked screen claiming to originate from local police and customised to the geo-location of the end user.

The locked screen is relaunched every five seconds making phone operation near impossible without uninstalling the malware.

iCloud 'Oleg Pliss', also discovered in May, accounted for the first reported cases of ransomware for Apple devices.

Fortinet says these incidents can't be attributed to a particular piece of malware, but to compromised iCloud accounts in combination with social engineering.

“The attackers were believed to have exploited Apple’s Find My iPhone, iPad, and Mac feature along with recycled passwords leaked from password breaches.”

The attack doesn’t work if the device already has a passcode (phone lock) set. The malware can potentially leak calendar and contact information, and allow the attacker to delete all information on the phone.

FakeDefend, discovered in July 2013, comes disguised as a fake antivirus application, prompting end users to pay for a full subscription after performing a fake scan and showing a list of hardcoded 'infections'.

“If the [Android] user decides to pay, the credit card details entered are leaked to the attacker's server in plain text. These captured credit card details may be used for rogue transactions later.”