1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Android Ransomware Just Became a Little Bit More Sophisticated

Discussion in 'Mobile Phones & Devices' started by starbuck, Sep 29, 2016.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Android.Lockscreen uses pseudo-random PIN codes to lock users out of their devices and request large sums of money

    67e4ae911d625187cb53cc460a747310.png

    A previously unsophisticated Android ransomware that locks an Android device's screen has received new updates that make it impossible for security researchers to help victims unlock their devices.

    Android.Lockscreen was a simplistic Android ransomware that appeared in March 2015. For a long period of time, this threat operated by setting a custom PIN code and showing a message on the user's screen, asking them to call a number for technical support.

    Users calling this number would be tricked into paying for expensive "technical support" and would then receive the device's new PIN code.

    Previous Android.Lockscreen versions could be removed

    Security researchers that took a look at this threat soon realized that the ransomware's source code included the PIN code used to lock devices.

    For many months, it was easy for security researchers to take a look at the latest Android.Lockscreen samples and extract the PIN code, passing it on to infected victims.

    But the crooks caught on to their own mistake, and in recent versions, they changed the mechanism through which they generate the PIN code.

    New versions use a pseudo-random PIN code

    "Newer variants have eliminated the hardcoded passcode and replaced it with a pseudorandom number," Symantec's Dinesh Venkatesan writes.
    "Some variants generate a six-digit number and some generate an eight-digit number."

    Android.Lockscreen now uses the Java Math.random() function to generate a pseudo-random number, which it sets as the device's PIN code.

    The ransomware is effective at locking the device only on older Android versions, prior to Google's Nougat release, which included protections to prevent calls for PIN/password resets from other apps, if the PIN was set by a user beforehand.

    To prevent losing control over their Android smartphones, users should install apps only from trusted sources, like the Google Play Store, and pay attention to the permissions apps request upon installation.
    Android.Lockscreen, by the operations it needs to carry out, will require a lot of intrusive permissions, such as the ability to lock the user's screen, change device settings, and overlay messages on top of other apps.



    Source:
    http://news.softpedia.com/news/andr...-a-little-bit-more-sophisticated-508747.shtml
     
    starbuck, Sep 29, 2016
    #1
  3. bob12a

    bob12a Senior Member

    Joined:
    Aug 14, 2009
    Messages:
    857
    Location:
    uk
    Operating System:
    Windows 7
    Computer Brand or Motherboard:
    MEDIONPC MS-7204
    CPU:
    3.00 gigahertz Intel Pentium D 16 kilobyte primary memory cache 1024 kilobyte secondary memory cache
    Memory:
    3072 Megabytes Installed Memory Slot 'A0' has 512 MB Slot 'A1' has 512 MB Slot 'A2' has 512 MB Sl
    Hard Drive:
    910.14 Gigabytes Usable Hard Drive Capacity 376.83 Gigabytes Hard Drive Free Space
    Power Supply:
    NVIDIA GeForce 6700 XL [Display adapter] Samsung SyncMaster [Monitor] (22.0"vis, s/n HS2P405617, A
    Thanks for info
    Bob
     
    bob12a, Sep 30, 2016
    #2

Share This Page