A more than two-year old ransomware has shape-shifted to target mobile devices running the Android operating system, extorting hundreds of dollars from victims in exchange for the restoration of their locked hard drives.
The CryptoLocker ransomware initially focused on desktops and as time changes and the users’ preference has dramatically switched to various mobile devices, hackers adapted the malware to try to deceive unsuspecting users into believing that they have been warned by police regulators about violating laws against pornography. Along with the warning is the notification of the user’s device having been locked and for the user to regain access to it, a princely sum must be paid as a penalty.
Of course it all does not make sense if you know you haven’t visited a porn site in the previous days. But any attempt at belying the attacker with reasons would not solve anything if your device has already been encrypted with a strong encryption tool, unless you are willing to pay $300, which is what hackers usually ask in exchange for the key to decrypt a smartphone or tablet.
These hackers are now selling different versions of the ransomware through the black market. Once users happen to visit websites infected with this ransomware, a social engineering scheme is displayed to lure them into downloading a nefarious APK that conceals the ransomware inside it.
Once you have downloaded the APK without your knowledge, the ransomware automatically installs itself in your device. You will only know that it is already working when your homescreen seems to be up and running but nothing else can be done like opening the apps. In other words, users are to be locked out.
Usually, this malware comes in the form of a porn app, so many are sure to fall prey. The same hackers were also responsible for the Reveton ransomware that circulated recently across the United States, UK, France, Germany and Australia. And Microsoft just reported that the rise of Reveton has doubled in the past year even after one of its developers was busted in 2013 by police.
Another ransomware that targets Android devices called Android.Trojan.Koler.A has also been spotted in the wild and it operates in the same manner as the CryptoLocker ransomware.
Ironically, Microsoft found a 70 percent decline in exploitable vulnerabilities in its software between 2010 and 2013, even though the number of zero-day holes rose last year. The only salient difference is that the Android.Trojan.Koler.A is aided by sideloading in the device setting instead of installing itself autonomously.