eScan Advisory on Ransomware


Ransomware is in the news again. Social media, e-mail and discussion forums are full of reports on the various ransomware families and the damage they do to infected devices. eScan's research team has revisited the subject and is re-issuing its advisory.

Overview of Ransomware

Half of the year has passed and we have already seen ransomware families such as Locky, Petya, Samas and Android.Trojan.SLocker.CV attacking individual computers, personal mobile phones and business organizations. Our threat prediction stated that "ransomware creators would be looking to target new operating systems such as Mac", and KeRanger turned out to be the first ransomware to target Mac OS X.

What is Ransomware?

According to US-CERT, ransomware is a type of malware that infects a computer and restricts the user's access to it. This malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts typically state that the computer has been locked or that all of its files have been encrypted, and demand that a ransom be paid to restore access. The ransom is typically in the range of $100 to $300 and is sometimes demanded in virtual currency such as Bitcoin.

How does it spread?

Locky arrives in the user's mailbox as heavily obfuscated JavaScript (a file with a .JS extension) inside an archive attached to a spam mail, usually posing as an official document. Opening the attachment is enough to compromise the system: the script acts as a downloader that fetches and runs the ransomware payload. The same lure can also spread via file-sharing services and social networking sites, which may carry similar attachments and files, presented to the user as something useful or required, such as an update.

Petya, another destructive ransomware family, is transmitted through spam e-mails that target business users and pretend to contain job applications. For instance, HR personnel receive a Dropbox link to a file that pretends to be the resume of a candidate seeking a position in the company. Opening the file installs the ransomware.


Ransomware does not only target individuals; businesses and governments can also fall victim. Around 150 computers at Mantralaya, the headquarters of the Maharashtra Government, were hit by Locky. Paying the ransom does not guarantee that the encrypted files will be released.

Preventive Measures

  • Keep your antivirus software (such as eScan) updated regularly; up-to-date signatures and behaviour-based protection are the first line of defence against known malware.
  • Always download apps from their official website or from Google Play rather than from unknown sources; third-party app stores may still be offering a malicious app long after it has been removed from Google Play.
  • Download applications from reliable developers, and check the app's user ratings and reviews before downloading.
  • Ensure that all software installed on your system is updated frequently, including Oracle Java and Adobe products, which are frequent exploit targets.
  • Implement a three-step security policy in your organization: first understand your requirements and prepare the IT security policy accordingly; second, educate your staff about the policy; and finally enforce it.
  • Implement MailScan at the gateway or enable Mail Anti-Virus on the endpoint so that attachments with extensions such as *.EXE, *.SCR, *.JS and *.VBE are blocked, including when they arrive inside an archive such as a ZIP file. Attachments of these types are executable and will infect the system when opened.
  • Open e-mail attachments only if you are certain about the source.
  • Regularly back up your important files, and keep at least one copy offline or disconnected so that ransomware cannot encrypt the backup as well.
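
The following is an added example (not eScan or MailScan code) showing what the gateway rule above amounts to in practice: a small Python policy check that parses a raw e-mail, judges each attachment by its final extension, and opens ZIP attachments in memory so that a Locky-style .JS downloader hidden inside an archive is caught as well. The message, the sender and recipient addresses and the archive contents are constructed for the example; the extension list extends the advisory's with a few related script types, as noted in the code.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from pathlib import PurePosixPath

# Extensions the advisory recommends blocking at the gateway. .JSE, .VBS and .WSF
# are added here as closely related script types (an assumption, not from the advisory).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".jse", ".vbe", ".vbs", ".wsf"}
ARCHIVE_EXTENSIONS = {".zip"}   # only ZIP is inspected in this example
MAX_ARCHIVE_DEPTH = 2           # how many nested archives to open before giving up


def risky_names(filename, data, depth=0):
    """Return the blocked file names found in one attachment.

    Plain attachments are judged by their final extension, so a double
    extension such as 'invoice.pdf.js' is still caught. ZIP archives are
    opened in memory and their members judged the same way, which catches
    the Locky pattern of a .JS downloader hidden inside 'invoice.zip'.
    An archive that cannot be opened (corrupt or password-protected) is
    reported as uninspectable rather than silently allowed through.
    """
    suffix = PurePosixPath(filename.lower().strip()).suffix
    if suffix in BLOCKED_EXTENSIONS:
        return [filename]
    if suffix in ARCHIVE_EXTENSIONS:
        if depth >= MAX_ARCHIVE_DEPTH:
            return [f"{filename} (archive nested too deeply to inspect)"]
        found = []
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.infolist():
                    if member.is_dir():
                        continue
                    # zipfile raises RuntimeError for an encrypted member when no password is given
                    content = archive.read(member)
                    found.extend(f"{filename}/{hit}"
                                 for hit in risky_names(member.filename, content, depth + 1))
        except (zipfile.BadZipFile, RuntimeError):
            return [f"{filename} (uninspectable archive)"]
        return found
    return []


def scan_message(raw):
    """Parse a raw RFC 5322 message and return every attachment that violates the policy."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        payload = part.get_payload(decode=True) or b""
        hits.extend(risky_names(name, payload))
    return hits


def build_sample_mail():
    """Constructed sample: a Locky-style lure with a ZIP whose only member is a .js file."""
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("invoice_2016.js", "// placeholder stand-in for an obfuscated downloader\n")
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"   # hypothetical sender
    msg["To"] = "hr@example.org"          # hypothetical recipient
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(zip_buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice_2016.zip")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="brochure.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in scan_message(build_sample_mail()):
        print("BLOCK:", hit)
```

Run on the constructed mail, the check reports only the archive member invoice_2016.zip/invoice_2016.js and lets the PDF through. An unreadable or password-protected archive is reported rather than allowed, which is the conservative choice for a gateway: attackers have shipped the password in the mail body precisely to defeat content inspection.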




Posted in eScan 11, eScan 14, MailScan, Security

Trojans Squeeze the Life out of Android

Is your Android phone infected with a Trojan horse? You are minding your own business when your phone dings: a close friend has texted you a link with some pictures. Most of us would tap the link without pausing to ask whether it is unusual that he or she has suddenly taken up texting selfies, and could unwittingly become victims of a mobile Trojan scam.

Until now the Windows operating system has been the favourite victim of Trojan horses. With the penetration of smartphones into the market, users' hands are never idle, and that is exactly why the mobile operating system has become a prime target for Trojan authors. Once a user has installed one of the malicious apps, the Trojan collects nearly 30 different types of information about the user's device and transmits them to a remote server operated by the attacker. One Android Trojan that displays unwanted ads and installs nuisance software has been found on a wide range of smartphone models. Its module is able to "remotely update the operating system, collect information, display notifications (including advertising ones), and make mobile payments."

There are many ways for a mobile device to pick up an Android Trojan. For example, when you browse online or try to watch a video, you may be told that you are missing a plug-in and prompted to download software called Video Player or an Adobe Flash Player update. Once you install and open the download, it turns out to be a Trojan and your phone screen is locked right away. Alternatively, the malware is disguised as an MP4 file or bundled as an APK in spam e-mails. According to the research, more than 15,000 spam e-mails containing malicious files hit the inboxes of Android users in the last few days. Users should be more cautious and take the necessary measures to avoid infecting their devices.

In some cases the malware only attacks the web browser instead of taking over the whole phone screen. The Trojan hijacks your Internet connection so that you can no longer go online, and demands payment to restore full access to the phone.

Trojans are malicious programs that can perform any number of dangerous actions on your smartphone or tablet. For example, such malware can send SMS messages to premium-rate numbers, read your SMS messages, and even block incoming SMS (for instance to hide the confirmation messages sent by your bank or operator). It can also dial USSD codes to activate value-added services that are charged to your mobile account.

Some Trojans gain root privileges by exploiting a vulnerability in the phone and can then do anything they like. If a Trojan obtains device administrator privileges, you can no longer uninstall it in the normal way: Android refuses to remove an app while it is an active device administrator, and the Trojan can interfere with attempts to revoke that status. Other Android Trojans steal your private information and consume your mobile data. Once the Trojan has collected your personal information, the details are sent to a database where they are logged, and the attackers collect them from there and use them elsewhere.

Once launched, the Trojan transmits the following information about the device to its server:

  • OS version
  • SDK system version
  • Device model
  • Screen resolution
  • CPU type
  • IMEI identifier
  • ISO country code
  • Android build version
  • Cell phone number
  • SIM serial number
  • User’s location
  • Network subtype
  • Availability of root access
  • The current version number of the Trojan
  • Generated unique user ID for phone
  • Network connection type
  • Mobile network operator
  • E-mail address connected to a Google user account
  • Google Cloud Messaging identifier (GCM id)
  • The “user agent” parameter generated using a special algorithm
  • Whether an infected application has administrator privileges
  • Name of an infected application
  • Presence of a Google Play application on the device

In addition to the initial information sent to the C&C server, many more functions can be requested remotely, such as:

  • Download an APK and prompt user to install it
  • Get call logs
  • Get SMS inbox
  • Get bookmarks
  • Get contacts
  • Get list of installed apps
  • Lock the screen
  • Redirect calls to a specific number

Possible Damage Caused by an Android Trojan:

  • It takes control of your mobile phone rapidly once it is installed.
  • It poses as a legitimate warning and then asks for a payment.
  • It does not allow you to change your phone settings or open Google Play to download an antivirus program.
  • It may damage the data on your phone and the Android system itself.
  • It does not let you power off the phone or do anything other than the inputs related to the ransom demand.

How to Remove this Trojan

To remove this Trojan, boot the phone into Safe Mode (which stops third-party apps from running), revoke the malicious app's device administrator rights under the security settings, and then uninstall it. If that fails, a factory reset is recommended. In either case it is advisable to take the phone to an expert, as different smartphones have different methods of entering Safe Mode or initiating a factory reset.

Safety Tips to Prevent Infection

  1. Always install apps from Google Play or official sites.
  2. Turn off Bluetooth when it is not in use.
  3. Install reliable mobile security software that automatically scans apps before they run for the first time.
  4. Take regular backups of the important data on your phone to cloud or external storage.
  5. Before connecting your mobile device to a computer, ensure that the computer is protected with multi-layered antivirus software.
  6. Avoid clicking links in unknown and unsolicited e-mails and SMS messages.
  7. Keep your mobile apps updated to their latest versions, and ensure that your mobile OS is updated too.

eScan strongly recommends that Android users pay careful attention to the applications they download and install only programs developed by reputable companies. eScan for Android detects and removes all known modifications of this Android Trojan, so the malicious program poses no threat to eScan users.

Posted in eScan 11

Banking Malware – How Safe are we in Online Banking?

What Is Online Banking Fraud?

Online fraud is the act of committing financial fraud that leaves a digital footprint. Some of the key types are business-opportunity fraud, charity-donation fraud, domain-name scams, identity fraud and mass-marketing fraud. Scammers most frequently use malware, Trojans, phishing and vishing to carry out such attacks. These acts by cyber criminals siphon off financial, personal or intellectual-property data from individuals and organizations. Ransomware is created with the sole intention of extorting money from its victims.

If you receive hoax e-mails that appear to be genuine bank e-mails, be alert before responding. Such e-mails ask for your security details, so make sure you are logging into the authentic banking site. Banks never send e-mails asking customers for confidential details, so it is better to stay alert. Sometimes the purpose of the linked website is to obtain your credentials so that the fraudsters can access your financial accounts. Alternatively, the website may ask you to install software from a link on the page; by downloading it you are in fact tricked into installing malware.

Malware is a catch-all term for malicious and harmful software. Unrequested and undetected, it installs itself on your computer, interferes with normal computer processes and steals information. Fraudsters use malware to get money out of your account as well as to commit identity theft.

If your computer is infected, the malware can send information to your bank that differs from what you intended, for example changing the recipient of a payment. Malware can also introduce additional data fields into an otherwise genuine site by injecting code into your browsing session inside the browser (a so-called man-in-the-browser attack), so the extra fields appear on the real banking page even though the connection to the bank is encrypted and the address bar shows the correct site.

How Does Malware Spread?

While visiting a website you may get a pop-up claiming that a virus has been found on your computer and urging you to install a free trial of a virus scanner or to run an online scan.

You get an e-mail that appears to be from your bank asking you to install the attached update to plug a hole in their Internet banking security. The same trick is used with videos on the Internet: to play one, you are told you must install a special plug-in, which is itself malicious.

Naturally, not every download contains malware, but malware is often downloaded along with unknown files from the Internet.

Ransomware is a form of malware that lets criminals encrypt the files on a computer and then display a window informing the owner that the files will not be decrypted until a sum of money is paid. The best-known ransomware of recent times is CryptoLocker.

CryptoLocker is one of the nastiest pieces of malware ever created, not just because it takes money from you but because it encrypts your important files and renders them useless. Once it has encrypted your data there is no way to decrypt the files other than the one CryptoLocker itself offers, namely paying the ransom to get the decryption key, which is why a recent backup kept out of the malware's reach is the only dependable way to recover.


Perpetrators of online fraud who use phishing try to get hold of your personal data and/or your credit or debit card details by sending e-mails or SMS messages or by calling you on the telephone. This data allows them not only to withdraw money from your account but also to commit identity fraud. Phishing does not only affect Internet banking; it can also pose a threat to any payment system, including digital wallets.

This typically happens when you receive an unexpected e-mail that appears to come from your bank or the company issuing your credit card. You are asked to click a link to a website that looks extremely similar to your bank's own website, where you read that you must enter, complete or check your personal data concerning your accounts, credit cards and codes, for "security reasons", "file checks", "data loss" and so on. Sometimes you are asked to mail your data directly to a specific person.

Although phishing is mainly done via e-mail, fraudsters can also call you on the telephone, pretending to be a bank employee and telling you that there are problems with your bank account or credit card and that your financial security is at stake.

Vishing: as in a phishing scam, the fraudster masquerades as a well-known and trusted business in an attempt to gain information, but does so over the telephone rather than by e-mail. Victims can be tricked by phishing e-mails or vishing calls into disclosing their password and other confidential details. Identity theft caused by viruses or spyware likewise gives criminals access to your bank account and other personal information stored on your computer.

Smishing: smishing scams are similar to phishing scams. You get an SMS message, apparently from a bank or service provider, asking you to do something; the message is really from a scammer. While most people are familiar with e-mail phishing scams, they are less skeptical of SMS messages, so victims are trapped easily.
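
The following added Python example (not eScan's code) shows the checks a practitioner can run over the links quoted in phishing and smishing messages before anyone clicks them: plain http for a login page, user-info before the host, an IP address instead of a hostname, punycode labels, a brand name hosted on an unrelated registrable domain, and digit-for-letter look-alikes of the genuine domain. The bank domains, brand keywords and sample links are constructed for the example; a production version would take the institution's real domain list and use the Public Suffix List instead of the naive registrable-domain rule used here.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list for a hypothetical bank; a real deployment would load the
# institution's actual domains.
LEGITIMATE_DOMAINS = {"examplebank.com", "examplebank.co.in"}
BRAND_KEYWORDS = ("examplebank", "netbanking")
# Common ccTLD second-level labels; a production check should use the Public Suffix List.
SECOND_LEVEL = {"co", "com", "org", "net", "ac", "gov"}
# Characters attackers swap for look-alikes in domain names.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable_domain(host):
    """Naive eTLD+1: the last two labels, or three when the second is e.g. 'co' under a ccTLD."""
    labels = host.split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def normalize_confusables(host):
    """Undo the usual digit-for-letter, 'rn'-for-'m' and 'vv'-for-'w' substitutions."""
    return host.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def assess_url(url):
    """Return the reasons a URL looks like a phishing link; an empty list means nothing was flagged."""
    findings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")   # urlsplit already lower-cases the host

    if parts.scheme not in ("http", "https"):
        findings.append(f"unexpected scheme {parts.scheme!r}")
    elif parts.scheme == "http":
        findings.append("plain http for a page that asks for credentials")
    if "@" in parts.netloc:
        findings.append("user-info before the host hides the real destination")
    if not host:
        findings.append("no hostname")
        return findings

    try:
        ipaddress.ip_address(host)
        findings.append("IP address literal instead of a bank hostname")
        return findings            # the domain checks below make no sense for an IP
    except ValueError:
        pass

    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label (possible homoglyph domain)")

    domain = registrable_domain(host)
    if domain not in LEGITIMATE_DOMAINS:
        if normalize_confusables(domain) in LEGITIMATE_DOMAINS:
            findings.append(f"{domain!r} is a look-alike of a legitimate bank domain")
        elif any(k in host or k in parts.path.lower() for k in BRAND_KEYWORDS):
            findings.append(f"brand name used but the registrable domain is {domain!r}")
    if host.count(".") >= 4:
        findings.append("unusually deep subdomain chain")
    return findings


# Constructed sample links of the kind quoted in phishing and smishing messages.
SAMPLE_LINKS = [
    "https://netbanking.examplebank.com/login",
    "http://examplebank.com.secure-login.verify-account.example.net/netbanking",
    "https://examp1ebank.com/login",
    "https://examplebank.com@203.0.113.5/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        reasons = assess_url(link)
        print(("SUSPICIOUS " if reasons else "ok         ") + link)
        for reason in reasons:
            print("    -", reason)
```

Only the first sample link passes. The second is the classic "real domain at the front" trick, where the bank's name is merely a subdomain of example.net; the third swaps a digit 1 for the letter l; the fourth puts the bank's domain before an @ so that the browser actually connects to 203.0.113.5. None of these checks replaces the advice above to type the bank's address yourself rather than following a link.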

Preventive Measures

  • Make sure your smartphone or tablet is always protected with a PIN that is difficult to guess. Do not reveal your PIN to anybody, and do not write it down or store it where it can be found. It is good practice to change passwords and PIN codes regularly and to use a unique combination of letters, numbers and punctuation for each of your login details.
  • Make sure your PC is sufficiently secured, for instance by keeping the operating system and an anti-virus product up to date and by using a secured Wi-Fi connection.
  • Use the option to have a text message sent every time a transaction occurs on your account, so that you are notified of fraudulent transactions as soon as they happen.
  • If someone calls you on behalf of your bank and asks you to provide personal data and/or to sign electronically, take no action at all: your bank will never ask for this kind of information.
  • Give your electronic signature only for orders you expect or have initiated yourself.
  • In case of doubt, abort the transaction immediately and contact your bank's help desk, especially when the signing procedure differs from the usual one.
  • Check your account statements at regular intervals.
  • Keep the banking and other apps on your device regularly updated.
  • To avoid such incidents, use a reputed anti-virus and IT security solution provider such as eScan.
Posted in eScan 11