{"id":3436,"date":"2014-05-08T10:00:52","date_gmt":"2014-05-08T14:00:52","guid":{"rendered":"http:\/\/www.kaspersky.co.in\/blog\/?p=3436"},"modified":"2020-02-26T20:27:56","modified_gmt":"2020-02-26T14:57:56","slug":"new-ransomware-for-android","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/new-ransomware-for-android\/3436\/","title":{"rendered":"A CryptoLocker for Android?"},"content":{"rendered":"<p>Remember when we told you that <a href=\"https:\/\/www.kaspersky.com\/blog\/cryptolocker-is-bad-news\/\" target=\"_blank\" rel=\"noopener nofollow\">the CryptoLocker ransomware was bad news<\/a>? Well, a new variant of ransomware targeting users on Android is \u2013 at the very least \u2013 <a href=\"https:\/\/threatpost.com\/cryptolocker-ransomware-moves-to-android\/105937\" target=\"_blank\" rel=\"noopener nofollow\">associating itself with CryptoLocker<\/a>, which is known for encrypting critical computer files and demanding ransom to decrypt them. This development is unsurprising, considering Android\u2019s market share and the broad increases in malware samples targeting Android devices.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2014\/06\/05093841\/locker.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4750\" alt=\"locker\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2014\/06\/05093841\/locker.jpg\" width=\"640\" height=\"480\"><\/a><\/p>\n<p>Ransomware refers to a class of malware that locks down an infected machine and demands some sort of payment to unlock it. In some cases, the malware merely renders a computer unusable. In others \u2013 like the case of CryptoLocker \u2013 the ransomware encrypts important files on the infected machine and demands payment for the private key that would decrypt those files. 
CryptoLocker is fairly honest with its victims about its intentions, whereas many varieties of ransomware present their victims with warnings purporting to come from law enforcement. These warnings generally say that some sort of illegal content has been found on the victim\u2019s machine and that a fine must be paid in order to unlock the computer.<\/p>\n<p>In this case, a group of criminals responsible for a different variety of <a href=\"https:\/\/www.kaspersky.com\/blog\/ransomware-blockers-a-new-approach-to-fighting-them\/\" target=\"_blank\" rel=\"noopener nofollow\">ransomware<\/a> \u2013 known as Reveton \u2013 is advertising a CryptoLocker-like piece of malware capable of infecting Android mobile devices.<\/p>\n<p>A well-known security researcher who operates under the handle \u2018Kafeine\u2019 uncovered this new strain and wrote about it on his blog <a href=\"http:\/\/malware.dontneedcoffee.com\/2014\/05\/police-locker-available-for-your.html\" target=\"_blank\" rel=\"noopener nofollow\">Malware don\u2019t need Coffee<\/a>. He found that, when victims on Android devices connect to a domain infected with this strain of malware, they are redirected to a pornographic site that deploys a bit of social engineering in order to trick users into downloading an application file containing the malware.<\/p>\n<p>Herein lies the good news: you would actually have to install this malware yourself in order to become infected, which is why we recommend only installing applications from the legitimate Google Play store.<\/p>\n<p>\u201cThe locker is kind of effective,\u201d Kafeine writes in an explanation of the malware. \u201cYou can go on your homescreen but nothing else seems to work. 
Launching Browser, callings Apps, or \u2018list of active task\u2019 will bring the Locker back.\u201d<\/p>\n<p>The application file that a user would need to download in order to become infected masquerades as a porn app. If a user launches that app, it displays a warning screen notifying users that they have been accused of viewing or disseminating pornography on their phone.<\/p>\n<p>The message also informs the user that he or she could potentially face a 5-to-11-year jail sentence, unless they pay a $300 fine via MoneyPak.<\/p>\n<p>The version of the kit that\u2019s being advertised by the Reveton gang has variants for victims in more than 30 countries, including the United States, UK, France, Germany, Australia and Spain.<\/p>\n<p>The extent to which this piece of ransomware relates to the notorious, desktop-targeting CryptoLocker is unclear, but whoever made it is clearly playing off the success of the old CryptoLocker as some sort of criminal marketing scam. This is interesting in and of itself, because it demonstrates the ways in which cybercriminals replicate legitimate business practices to maximize profit, though this is a story for a different day.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new piece of ransomware is targeting Android users and may be related to the infamous CryptoLocker 
malware.<\/p>\n","protected":false},"author":42,"featured_media":3438,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2196],"tags":[105,624,36,218,443],"class_list":{"0":"post-3436","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-android","10":"tag-cryptolocker","11":"tag-malware-2","12":"tag-mobile-security","13":"tag-ransomware"},"hreflang":[{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/new-ransomware-for-android\/3436\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/new-ransomware-for-android\/3322\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/new-ransomware-for-android\/3745\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/new-ransomware-for-android\/3853\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/new-ransomware-for-android\/3966\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/new-ransomware-for-android\/4749\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/new-ransomware-for-android\/3606\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/new-ransomware-for-android\/3966\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/new-ransomware-for-android\/4749\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/new-ransomware-for-android\/4749\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.in\/blog\/tag\/android\/","name":"Android"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/3436","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\
/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/comments?post=3436"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/3436\/revisions"}],"predecessor-version":[{"id":19050,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/3436\/revisions\/19050"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media\/3438"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media?parent=3436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/categories?post=3436"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/tags?post=3436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}