Android Faces New Ransomware Scam, Symantec Warns

Robert Lemos,
Android malware

Android devices are increasingly being frozen until their owners pay a ransom, Symantec has warned

Owners of Android devices beware, after Symantec warned that criminals have begun targeting Android smartphones with software that locks the device until a ransom is paid to get the unlock code.

Known as ransomware, the scam has typically targeted personal computers, where it has become a profitable way for cyber-criminals to fleece consumers whose computers are not adequately protected against these scams.

Fake AV

Now, the aggressive fake antivirus scam has spread to mobile devices as well, Symantec stated in a blog post. A program called Android Defender – not related to a legitimate program of the same name – infects the victim’s device by using a fake installer and then appears to do a scan, finding a number of critical security issues. If the user does not buy the program, it will eventually make the device unusable, said Kevin Haley, director of product management of Symantec’s security response group.

“It is ransomware because it won’t give you your phone back until you pay for it,” he told eWEEK. “It won’t let you start other apps, and keeps throwing up pop-up dialog boxes and notifications.”

A typical ransomware page
A typical ransomware page 

Ransomware evolved from fake antivirus scams – also known as scareware – which uses JavaScript on Web sites to pretend to scan a visitor’s system and, unsurprisingly, find a large number of security issues. The software would offer to clean up the infection after installation, but once installed, asked for $30 (£19.46) to $100 (£65) as a subscription fee to the software.

Ransomware takes that scam one step further, locking up the system entirely until the user pays up, with ransom demands varying from $200 (£130) to $500 (£324). In November 2012, for example, Symantec found one ransomware campaign that could earn its criminal operators more than $30,000 (£19,455) a day. On the PC, ransomware typically corrupts system files or encrypts the user’s data to make the PC unusable unless the victim pays. Many ransomware scams use the name and logos of national law-enforcement organisations to scare the victim and dissuade them from reporting the crime to the authorities.

Criminal Scam

Android Defender appears closer to the original fake antivirus scams of a few years ago, using false detections and pop-up dialogue boxes to convince the user to part with nearly $100 (£65), says Haley. The program has problems as well. On some devices, it locks up the system; on other devices, the user can recover control of the system; and in still other devices, it crashes the system.

“In some cases, users may not even be able to perform a factory data reset on the device and will be forced to do a hard reset, which involves performing specific key combinations and/or connecting the device to a computer in order to perform a reset using software provided by the manufacturer,” Symantec said in a statement.

Any affected phone can be fixed by flashing the device with the original factory firmware, which in most cases, must be done by an authorised dealer.

While Symantec and other antivirus vendors recommend that users install security software on their phones, nearly all Android malware – except in a few isolated cases – can be avoided by downloading applications from official app stores, such as Google Play.

How well do you know security? Try our quiz!

Originally published on eWeek.