Hackers Demand Ransom for Hijacked Androids

Ransomware has made the jump from personal computers to the Android world.

Android.FakeAV.C, a new breed of ransomware, has been spotted in Asia — almost half (48 percent) in India and Indonesia — according to an alert by Bitdefender security researcher Liviu Arsene.

Mobile ransomware works much like its PC kin. In a PC, a malware program seizes control of a computer and demands a ransom for its release.

Often the bad app will splash a warning on its victim’s display claiming to represent law enforcement, say the FBI or Europol, and charging them with some kind of misconduct — illegal downloads or such.

Frazzled targets often pay the ransom, although most of the time it doesn’t do any good. The bandits take the money and don’t bother to remove the malware from their victim’s machine.

Growing Sophistication

Android ransomware also poses as a security app. “It even shares the same scanning engine as a legitimate Android security solution,” Arsene reported.

That may have been why the malware was initially able to evade detection when members of its family were posted to Google Play, the official online Android app store.

“This demonstrates that Android malware has grown in complexity and attackers are diversifying,” Arsene told TechNewsWorld.

“Last year, we found a very nasty Trojan that behaved as ransomware,” he said. “It locked down your PC and demanded payment to get access to it again.”

“What they did is copy the PC model and adapted it for Android,” Arsene added.

The increased level of sophistication and its similarity with PC ransomware might suggest that Android malware coders are branching out, Arsene noted. “Emulating the behavior of PC malware on Android is no novelty, as we [have] seen in the past how adware gained traction and evolved on the mobile OS.”

Dark Cloud Gathering

Fallout has spread overseas from revelations about U.S. spy agencies snooping on emails, phone calls and data stored on the servers of high-tech Goliaths like Amazon, Google, Apple and Microsoft.

Fifty-six percent of non-U.S. residents said they were less likely to use U.S.-based cloud providers in light of recent revelations about government access to customer information, found a survey released last week by the Cloud Security Alliance.

An overwhelming number of the nearly 500 CSA members from around the world participating in the survey (90 percent) also said that companies that have been subpoenaed through provisions of the Patriot Act should be able to publish summary information about the numbers of responses they have made.

Suspicions about cloud storage now may be a drag on the data rush to the cloud, but they won’t be a doorstop, noted Bill Blake, president of Fasoo USA.

“It may slow it down, but it won’t stop it,” he told TechNewsWorld. “It’s a train that’s left the station, and it’s going to continue.”

Bite Out of Apple

Developers were shut off from their website at Apple last week after a security researcher, who said he was performing a proof of concept of a vulnerability at the site, removed 100,000 user records from the forum that serves some 275,000 code warriors.

The researcher, Ibrahim Balic, said he alerted Apple to the vulnerability but didn’t hear anything from the company until it posted a notice at the developer website declaring it had been hacked.

Once news of the breach broke, a phishing campaign emerged attempting to social engineer online credentials from Apple users.

This particular event had two big attractions for phishers: a top-line news story and Apple.

“Any high-profile event that makes the news will always be subject to phishing scams,” James Lyne, director of technology strategy at Sophos, told TechNewsWorld.

“The running joke in the security community,” he added, “is if you want someone to click on something, use an Apple product as the tease.”

Breach Diary

  • July 20. Canonical reports forums website for Ubuntu operating system breached and encrypted passwords and email addresses compromised by hackers.
  • July 21. Apple acknowledges website for third-party developers breached. Although sensitive personal information was encrypted and could not be accessed, the company said it was not able to rule out the possibility that some developers’ names, mailing addresses, and email addresses might have been accessed in the intrusion.
  • July 22. French Internet hosting company OVH reveals compromise of private data of “a few hundreds of thousands” of its customers after a hacker gained access to a system administrator’s email account, used the account to break into another employee’s internal VPN, and then broke into the account of a system administrator who handled back-office functions. Since the attack, the company has regenerated the passwords of all employees and set up a new VPN in a PCI-DSS secure room with restricted access.
  • July 23. Citi Bike discloses that due to a software glitch, personally identifiable information — including credit card numbers, security codes, passwords, security questions and birth dates — of more than 1,000 customers was compromised.
  • July 25. Four men from Russia and one from Ukraine indicted by U.S. Justice Department for worldwide hacking scheme in which 160 million credit card numbers were compromised and US$300 million in losses were suffered by companies whose networks were compromised by the bandits.
  • July 25. Stanford University recommends anyone with a network account with the institution reset their password “in the wake of an apparent breach” in the school’s information technology infrastructure. The breach is the second since May, when a hacker with the handle “Ag3nt47” stole names, email addresses, photos, and other data of more than 1,400 users and posted them to the Internet.

Upcoming Security Events

  • July 27-Aug. 1. Black Hat USA 2013. Caesars Palace, Las Vegas. Registration: July 25-Aug. 1, $2,595.
  • Aug. 1-4. Def Con 21. Rio Hotel and Casino, Las Vegas. Registration: $180.
  • Aug. 1. Exposing the Hidden Costs of Database Security Solutions. 2 p.m. ET. Webinar sponsored by IBM. Free with registration.
  • Aug. 12-14. AIAA Aviation 2013: Focus on Cyber Threats to Airline Industry. Hyatt Regency Century Plaza, Los Angeles. Sponsored by American Institute of Aeronautics and Astronautics. Registration: July 27-Aug. 10, $1,100 non-member; $940, members.
  • Sept. 24-27. ASIS International 59th Annual Conference. McCormick Place, Chicago. Registration: Before Aug. 21, $895 member, $1,150 non-member. After Aug. 20, $995 member, $1,295 non-member.
  • Oct. 1-3. McAfee Focus 13 Security Conference. The Venetian/The Palazzo Resort-Hotel-Casino, 3325-3355 Las Vegas Blvd., South Las Vegas. Registration: Early Bird to July 31, $875/$775 government; Standard to Oct. 3, $995/$875 government.
  • Oct. 29-31. RSA Conference Europe. Amsterdam RAI. Registration: Discount from July 27-Sept. 27, 995 euros+VAT delegate/595 euros+VAT one day pass; Standard from Sept. 27-Oct. 27, 1,095 euros+VAT delegate/695 euros+VAT one day pass; Onsite from Oct. 28-31, 1,295 euros+VAT.
  • Nov. 18-20. Gartner Identity & Access Management Summit. JW Marriott at L.A. Live, 900 West Olympic Boulevard, Los Angeles, Calif. Registration: Early Bird to Sept. 27, $2,075; Standard, $2,375; Public Sector, $1,975.

John Mello is a freelance technology writer and former special correspondent for Government Security News.
