Android Ransomware Sends Internet History To Phone Contacts

Mobile users may want to think twice about accessing dodgy sites on their handset following the discovery of a new ransomware strain that threatens to expose all your browsing history to family and friends.

Android.Lockdroid.E, uncovered by researchers at Symantec, is able to trick users into handing over administrator rights to a smartphone, lock it, change the PIN and even delete all data through a factory reset.

But first, in an attempt to extort money from the victim, the ransomware displays a message claiming that the user had accessed forbidden materials, and then threatens to send their browsing history to all their contacts unless a ransom is paid.

Sophisticated

However, Symantec warns that even more harm can come to the device if the administrator rights to the device are given to the malware, often by tricking the user using what the firm calls “sophisticated social engineering” tactics.

Upon downloading and installing the malicious app (a fake porn-viewing app called ‘Porn ‘O’ Mania’, which cannot be found on Google Play but only on third-party app stores), the system activation dialog is covered by a fake “Package Installation” window.

This presents a “Continue” button, supposedly to install a necessary Google-related package, but in reality is actually covering up the button needed to activate the app as a device administrator, which, when tapped on, gives the malware full access to the device.

From there, it is then able to exert complete control over the device and carry out its ransom demand. This is typically done by locking the screen and displays the bogus alert regarding the user’s browsing history, whilst in the background gathering the victim’s contacts list and encrypting the data.

Users are then told to pay a ransom, or face the loss of all this encrypted data and having their browsing history sent to all their contacts.

Symantec is advising its users never to download apps from third-party app stores, as Google Play can provide verified status for its products to keep customers safe.

Are you a security pro? Try our quiz!