The eScan Security team has recently discovered new ransomware, dubbed ‘Android.Trojan.SLocker.CV’, that affects Android devices running OS versions below 5.0 (Lollipop) and is distributed by a malicious adult app called ‘Porn O Mania’. At the time of writing this blog, the malicious app had been removed from Google’s official store, Google Play.
According to US-CERT, ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that the victim’s computer has been locked or that all of their files have been encrypted, and demand that a ransom be paid to restore access. This ransom is typically in the range of $100–$300 and is sometimes demanded in virtual currency, such as Bitcoin.
What is Android.Trojan.SLocker.CV?
It is Android-based ransomware that is able to lock devices, change PINs and delete all of the victim’s data through a factory reset.
How does Android.Trojan.SLocker.CV work?
The malware enters the device when the user downloads and installs the malicious app. Once installation is complete, it displays a fake “Package installation” dialog. The unsuspecting victim clicks on the package installation, thinking it is a necessary Google-related package, unaware that the app is encrypting the files on external storage and gathering sensitive information. Our research team believes that this malware uses sophisticated social engineering to gain Administrator rights. A pop-up is displayed to the victim as an error-type window (TYPE_SYSTEM_ERROR), which older Android versions allow to appear on top of the window that asks for permissions. After some time, a second pop-up, “Installation is complete”, is displayed with a “Continue” button, through which the app’s privileges are elevated. It is observed that cyber-crooks make use of the clickjacking technique to root the device. The eScan Research team has also found that Android devices running Lollipop are not vulnerable to this clickjacking technique, i.e. Google prevents the above-mentioned dialog types from displaying over the system permission dialog.
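For analysts triaging a suspicious APK, the behaviour described above leaves a recognisable footprint in the decoded manifest. The following is an added example, not eScan's code or the malware's: it assumes the APK has already been decoded to plain XML, that system-level windows such as TYPE_SYSTEM_ERROR require the SYSTEM_ALERT_WINDOW permission, and that the lock, PIN-change and factory-reset behaviours map to the standard device-admin policy tags; the sample manifest and policy file are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # assumed overlay prerequisite
BIND_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
# Standard device-admin policy tags matching the behaviours the post lists.
POLICY_EFFECT = {
    "force-lock": "lock the device",
    "reset-password": "change the PIN",
    "wipe-data": "factory-reset the device",
}

# Constructed sample input, not taken from the real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application>
    <receiver android:name=".AdminRcv" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin" android:resource="@xml/policies"/>
    </receiver>
  </application>
</manifest>"""
SAMPLE_POLICIES = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies><force-lock/><reset-password/><wipe-data/></uses-policies>
</device-admin>"""


def triage(manifest_xml, policies_xml=None):
    """Return a list of findings for a decoded manifest and admin policy file."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # A device-admin receiver is protected by BIND_DEVICE_ADMIN.
    admins = [r.get(ANDROID + "name") for r in root.iter("receiver")
              if r.get(ANDROID + "permission") == BIND_ADMIN]
    findings = []
    if OVERLAY in perms:
        findings.append("can draw system-level windows over other apps")
    for name in admins:
        findings.append("registers device-admin receiver " + name)
    if policies_xml and admins:
        for tag in ET.fromstring(policies_xml).iter():
            if tag.tag in POLICY_EFFECT:
                findings.append("admin policy lets it " + POLICY_EFFECT[tag.tag])
    # Overlay plus device admin is the pairing the dialog trick depends on.
    if OVERLAY in perms and admins:
        findings.append("HIGH: overlay + device admin (clickjacking-capable combination)")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_MANIFEST, SAMPLE_POLICIES)))
```

Either indicator alone is common in legitimate apps; it is the combination, together with lock, reset-password and wipe policies, that warrants a closer look.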
So how can we safeguard ourselves against Android.Trojan.SLocker.CV Ransomware?
- Use a trustworthy antivirus (eScan) on your Android phone and update it frequently.
- Always download apps from their official website or the Google Play Store instead of unknown sources, because many app stores are still offering the app.
- Download applications from a reliable app developer. In addition, check the user ratings and reviews of the app.