New ransomware discovered, uses Global XMPP chat to contact server

September 7, 2015


Malware such as ransomware is a serious problem, and it no longer targets only desktops and laptops: mobile devices are now the latest victims. That's not really surprising, because millions of people already rely on their smartphones or tablets for even their major computing tasks. Almost anything can be done on small mobile devices now, and attackers have learned to target them because it's easier.

A ransomware infection starts when an app is downloaded to a device. It looks like any ordinary app, but in reality it infests the phone and blocks the user from accessing all other files, important data, and photos. You can still get your files back, but only after you pay a ransom. You'll see a ransom note saying something like "files have now been encrypted".

While we haven't experienced ransomware personally, we know it can be quite a hassle. Last year the Koler.A ransomware blackmailed Android users for bad judgment, and Simplelocker.A held SD cards hostage using encryption. About 16 million mobile devices were infected by malware last year, and we noted that ransomware was increasing in number.

You might say it's easy to avoid such malware, but you can't easily tell whether a legitimate-looking application is infected with ransomware. A lot of people have already paid a huge amount of money because of such infections, which are now considered a serious threat to the mobile industry. Thousands of phones have been attacked already, and we don't think the malware will go away anytime soon. In fact, a new sample of ransomware is believed to be spreading in the form of a video and Flash player app.

The ransomware holds your data hostage and shows a message saying that you've been using the phone for inappropriate and illegal activities. Of course, there is no truth to that, right? The victim needs to pay a "fine" just to get back the important data that the ransomware encrypted and locked them out of.

Most ransomware variants use HTTP/S to communicate with their servers before encrypting files. The malware receives the encryption key, previously saved on a command-and-control (C&C) server, only after that communication is completed. We don't know how genius hackers make them, but a new Android ransomware is reportedly going around disguised as a new video player app and using XMPP chat to connect to and contact its remote server. According to Check Point Software Technologies, there have been a lot of victims, about tens of thousands already. These victims are believed to have paid anywhere between $200 and $500 as ransom for their files.
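Because this C&C channel is XMPP rather than HTTP/S, web-proxy logs alone will not show it. The sketch below is an added example, not code from Check Point or from this article: it scans outbound flow records for XMPP sessions opened by apps that have no reason to speak XMPP. The log format, package names, hosts and allowlist are all constructed for illustration.

```python
import csv
import io

# Constructed sample of outbound flow records from a mobile gateway (not real data).
# Columns: device, app package, destination host, destination port, first payload bytes.
SAMPLE_FLOWS = """device,app,dst_host,dst_port,first_bytes
phone-01,com.example.chat,xmpp.example.org,5222,<?xml version='1.0'?><stream:stream to='example.org' xmlns='jabber:client'
phone-01,com.example.browser,www.example.com,443,
phone-02,com.example.videoplayer,im.example.net,5222,<?xml version='1.0'?><stream:stream to='example.net' xmlns='jabber:client'
phone-03,com.example.flashplayer,im.example.net,8080,<stream:stream xmlns='jabber:client' to='example.net'
phone-03,com.example.mail,mail.example.com,993,
"""

# 5222 is the registered XMPP client port; 5223 is the legacy direct-TLS port.
XMPP_PORTS = {5222, 5223}
# Hypothetical allowlist of apps expected to speak XMPP on managed devices.
ALLOWED_XMPP_APPS = {"com.example.chat"}


def xmpp_indicators(port, first_bytes):
    """Return the reasons a flow looks like an XMPP client session."""
    reasons = []
    if port in XMPP_PORTS:
        reasons.append("port")
    # The stream header is sent in cleartext before STARTTLS, so it is
    # visible even when the server listens on a non-standard port.
    if "<stream:stream" in first_bytes and "jabber:client" in first_bytes:
        reasons.append("stream-header")
    return reasons


def find_unexpected_xmpp(flow_csv, allowed=ALLOWED_XMPP_APPS):
    """List XMPP-looking flows from apps that are not on the allowlist."""
    hits = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        port = int(row["dst_port"])
        reasons = xmpp_indicators(port, row["first_bytes"] or "")
        if reasons and row["app"] not in allowed:
            hits.append((row["device"], row["app"], row["dst_host"],
                         port, "+".join(reasons)))
    return hits


if __name__ == "__main__":
    for hit in find_unexpected_xmpp(SAMPLE_FLOWS):
        print(hit)
```

A "video player" or "Flash player" package opening an XMPP stream is the anomaly worth alerting on; a chat client doing the same is expected, which is why the check is keyed on the app and not on the protocol alone.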

Victims of this new malware were shown a message purportedly from the National Security Agency (NSA). The message looks legitimate; you wouldn't think it's fake, because your first reaction is that it's scary and really threatening, with threats of fines and copyright violations thrown in your face. Payment must be made within 48 hours or else the fine would be tripled. That's crazy, but unfortunately a lot of people have been victimized already.

There's no permanent solution for this one yet, but as an Android device user you need to be more careful when downloading apps, because you never know what kind of malware, and how much of it, is out there.

VIA: Check Point



  • Paul

    Well thanks for the suggestions about what we can do to stop it….!

  • Someone asdf

    Not sure why this is an issue.

    Android’s default permissions block write access to other apps’ data…

    Most it can do is encrypt data to its own folder unless you specifically grant it permission to the root of the file system…