Categories: SecurityVirus

15,000 Spam Emails Hit Android Devices With FBI Porn Warning

Android users risk having their mobile devices and private content locked by ransomware that demands $500 to restore access, antivirus solutions provider Bitdefender has warned.

Users who try to independently unlock their devices will see the amount increase to $1,500, with payment demanded via Money Pak and PayPal My Cash transfers.

Adobe Flash Player

Bitdefender has detected more than 15,000 spam emails, including zipped files, originating from servers located in Ukraine. Posing as an Adobe Flash Player update, the malware downloads and installs as an innocent Video Player. When the user tries to run it, a fake error message is displayed.

Catalin Cosoi, chief security strategist at Bitdefender, said: “After pressing OK to continue, users see an FBI warning and cannot escape by navigating away.

“The device’s home screen delivers an alarming fake message from the FBI telling users they have broken the law by visiting pornographic websites. To make the message more compelling, hackers add screenshots of the so-called browsing history. The warning gets scarier as it claims to have screenshots of the victims’ faces and know their location.”

Bitdefender detects the threat as Android.Trojan.SLocker.DZ – one of the most prevalent Android ransomware families as the authors regularly create new variants. Bitdefender’s internal telemetry shows multiple versions of this malware family, bundled with spam messages originating from different .edu, .com, .org and .net domain servers.

Cosoi added: “Unfortunately, there is not much users can do if infected with ransomware, even if this particular strain does not encrypt the files on the infected terminal. The device’s home screen button and back functionalities are no longer working, and turning the device on/off doesn’t help either, as the malware runs when the operating system boots.”

In certain circumstances, Android users can reclaim control of their devices. If ADB (Android Data Bridge) is enabled on the infected Android, users can programmatically uninstall the offending application.

Furthermore, if the mobile device supports it, users can attempt to start the terminal in Safe Boot. This option loads a minimal Android configuration and prevents the malware from running, which can buy enough time to manually uninstall the malware.

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Recent Posts

Google Warns Of Italian Spyware On Apple, Android Phones

Italian company's hacking tools have been used to spy on Apple, Android smartphones in Italy…

13 hours ago

Intel Signals Delay To Ohio Factory Over US Chips Act Dispute

Chip maker warns new factory in Columbus, Ohio could be delayed or scaled back, over…

13 hours ago

Silicon UK In Focus Podcast: Sustainable Business

How do sustainable businesses use technology to innovate? And as businesses want to connect sustainability…

15 hours ago

Australia Fines Samsung Over Water-Resistance Claims

Samsung rapped over the knuckles by Australian regulator because of 'misleading' Galaxy smartphone water-resistance claims…

1 day ago

Amazon Reveals Alexa Option To Mimic Any Person’s Voice

Bereavement aid for those in mourning? Amazon's Alexa voice assistant could be programmed to sound…

1 day ago