Researchers at security company ESET
have found a type of malware that changes an Android device's PIN, the first of
its kind in an ever-evolving landscape of ransomware attacks.
For most users, the only option to
get rid of the malware is to reset the phone to its factory settings, which
unfortunately also deletes all the data on the device.
The malware calls itself "Porn
Droid" and bills itself as a viewer for adult content. It has only
been seen on third-party Android application marketplaces or forums for pirated
software, wrote Lukas Stefanko, an ESET malware analyst.
But after it's installed, users see
a warning supposedly from the FBI that they've allegedly viewed
"prohibited pornography." It asks for a US$500 fine to be paid within
three days.
To change the device's PIN, Porn
Droid needs administrator-level access to the phone. Stefanko wrote that
the malware uses a new method to obtain that high level of access.
When Porn Droid runs, it asks people
to click a button to activate the viewer app. But beneath that window, and
obscured by it, is another button for granting device administrator privileges.
"After clicking on the button,
the user's device is doomed," Stefanko wrote. "The Trojan app has
obtained administrator rights and now can lock the device. And even worse, it
sets a new PIN for the lock screen."
Other kinds of Android malware
locked the screen by keeping the ransomware warning in the foreground using an
infinite loop. But that could be remedied by using a command-line tool, the Android Debug Bridge, or by deactivating admin rights in Safe Mode, according to Stefanko.
In the case of Porn Droid, if
someone tries to deactivate the admin privileges, the malware uses a call-back
function to reactivate them, Stefanko wrote.
The malware is also coded to try to
shut down three mobile antivirus products: Dr. Web, ESET's Mobile Security and
Avast.
More advanced users may be able to
get rid of Porn Droid without resetting and erasing all data on their phone. It
is possible to remove the malware if a user has root privileges to the device,
and some security software can stop it, Stefanko wrote.
Ransomware attacks, both desktop and
mobile, have become some of the most persistent and damaging scams on the
Internet. One of the most prevalent scams is encrypting a person's files and
asking for money for the files to be decrypted.
Security experts generally advise
not paying the ransom, as in many cases fraudsters never bother to fix the
victim's computer.