Ransomware seems to have maintained its
attractiveness amongst cybercriminals, steadily growing on multiple platforms –
including mobile since 2014. Android users have been targeted by various types
of this extorting malware, most frequently by the police ransomware, trying to
scare victims into paying up after (falsely) accusing them of harvesting
illegal content on their devices.
The most popular attack vector used by cybercrooks
has remained unchanged since the beginning of the “ransomware epidemic”. That
is the misuse of unofficial markets and forums to spread their preferred family
or variant of malicious code.
But 2016 also brought cases where cybercriminals
added other, more sophisticated methods to their toolboxes. Attackers tried to
bury malicious payloads deeper into applications. To achieve this, they encrypted
them, then moved them to the assets folder, which is typically used for
pictures or other contents necessary for the app. The apps however,
seemingly had no real functionality on the outside, but on the inside, there
was a decryptor able to both decrypt and run the ransomware.
ESET experts have also documented Android
ransomware spreading via email. Attackers used social engineering to manipulate
victims into clicking on a malicious link in the message and directed them to
an infected Android application package (APK).
Another interesting development observed this year
has been the growing focus of Jisut ransomware operators on Chinese markets,
using a localized Chinese ransom message.
If you want to know more about the contents of our
new Trends in Android Ransomware whitepaper stop by ESET booth B05 in Hall 5 at
Mobile World Congress 2017 in Barcelona. On top of that, ESET’s chief research
officer Juraj Malcho will talk about recent developments in banking malware as
well as ransomware.