15,000 Spam Emails Hit Android Devices With FBI Porn Warning
Ukranian ransomware demands up to $1,500 to unlock victims’ devices
Android users risk having their mobile devices and private content locked by ransomware that demands $500 to restore access, antivirus solutions provider Bitdefender has warned.
Users who try to independently unlock their devices will see the amount increase to $1,500, with payment demanded via Money Pak and PayPal My Cash transfers.
Adobe Flash Player
Bitdefender has detected more than 15,000 spam emails, including zipped files, originating from servers located in Ukraine. Posing as an Adobe Flash Player update, the malware downloads and installs as an innocent Video Player. When the user tries to run it, a fake error message is displayed.
Catalin Cosoi, chief security strategist at Bitdefender, said: “After pressing OK to continue, users see an FBI warning and cannot escape by navigating away.
“The device’s home screen delivers an alarming fake message from the FBI telling users they have broken the law by visiting pornographic websites. To make the message more compelling, hackers add screenshots of the so-called browsing history. The warning gets scarier as it claims to have screenshots of the victims’ faces and know their location.”
Bitdefender detects the threat as Android.Trojan.SLocker.DZ – one of the most prevalent Android ransomware families as the authors regularly create new variants. Bitdefender’s internal telemetry shows multiple versions of this malware family, bundled with spam messages originating from different .edu, .com, .org and .net domain servers.
Cosoi added: “Unfortunately, there is not much users can do if infected with ransomware, even if this particular strain does not encrypt the files on the infected terminal. The device’s home screen button and back functionalities are no longer working, and turning the device on/off doesn’t help either, as the malware runs when the operating system boots.”
In certain circumstances, Android users can reclaim control of their devices. If ADB (Android Data Bridge) is enabled on the infected Android, users can programmatically uninstall the offending application.
Furthermore, if the mobile device supports it, users can attempt to start the terminal in Safe Boot. This option loads a minimal Android configuration and prevents the malware from running, which can buy enough time to manually uninstall the malware.