Archive for the ‘SCAMS FRAUDS CONS’ Category

This nasty new Android ransomware encrypts your phone — and changes your PIN

Thursday, October 19th, 2017

DoubleLocker ransomware deploys technique previously used by trojans to gain full control of the device and completely lock it down.

A new form of Android ransomware encrypts victims’ data and changes their PIN, making it almost impossible to get their files back without paying a ransom.

Dubbed DoubleLocker by researchers at ESET who discovered it, the ransomware is spread as a fake Adobe Flash update via compromised websites.

Once downloaded onto the device, the fake Adobe Flash app asks for activation of ‘Google Play Services’, exploiting a series of permissions via accessibility services, a function designed to help people with disabilities use their phone.

These include retrieval of window content, turning on enhanced web accessibility for the purposes of installing scripts and observing typed-in text. The same technique of abusing accessibility services has previously been exploited by data-stealing Android trojans, but this is the first time it has been seen in ransomware.

Once given the appropriate permissions, DoubleLocker installs the ransomware as the default Home application, meaning the next time the user visits their home screen, they’re faced with a ransom note.

“Setting itself as a default home app – a launcher – is a trick that improves the malware’s persistence. Whenever the user clicks on the Home button, the ransomware gets activated and the device gets locked again. Thanks to using the accessibility service, the user doesn’t know that they launched malware by hitting Home,” says Lukáš Štefanko, malware researcher at ESET.

DoubleLocker locks the device in two ways. First, like other forms of ransomware, it encrypts the files on the device, in this case using the AES encryption algorithm and giving the encrypted files the extension “cryeye”. Unfortunately for victims, the encryption is applied effectively, meaning there’s currently no way of retrieving the files without the key.

Secondly, the ransomware changes the PIN of the device, effectively blocking the victim from using it in any way at all. The PIN is set to a random number which the attackers don’t store themselves, meaning it’s impossible to recover access to the device. The attackers remotely reset the PIN when the device is unlocked after the ransom is paid.
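As an added illustration (not code from ESET or from the original article), here is a defender's triage of a decoded AndroidManifest.xml that flags an app declaring both an accessibility service and a Home-screen activity, the combination described above. The sample manifest, package name and verdict labels are constructed; the device-admin check assumes the PIN change goes through Android's device-administration API, which the article does not state.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample: a decoded (text) AndroidManifest.xml, not from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdate">
  <application android:label="Flash Player">
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <activity android:name=".LockActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.HOME"/>
      </intent-filter>
    </activity>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return the set of lock-screen-relevant capabilities a manifest declares."""
    # Stdlib parser is fine for this embedded sample; use defusedxml on untrusted input.
    root = ET.fromstring(xml_text)
    found = set()
    for comp in root.iter():
        perm = comp.get(A + "permission", "")
        if comp.tag == "service" and perm.endswith(".BIND_ACCESSIBILITY_SERVICE"):
            found.add("accessibility_service")
        # Assumption: the PIN change relies on a device-admin receiver.
        if comp.tag == "receiver" and perm.endswith(".BIND_DEVICE_ADMIN"):
            found.add("device_admin")
        if comp.tag in ("activity", "activity-alias"):
            for flt in comp.findall("intent-filter"):
                names = {e.get(A + "name") for e in flt}
                if {"android.intent.action.MAIN",
                        "android.intent.category.HOME"} <= names:
                    found.add("home_launcher")  # can become the default Home app
    return found

def verdict(found):
    """Accessibility plus Home registration in one app is the pattern described above."""
    if {"accessibility_service", "home_launcher"} <= found:
        return "high"
    return "review" if found else "none"

if __name__ == "__main__":
    print(verdict(triage_manifest(SAMPLE_MANIFEST)))
```

A legitimate launcher or a legitimate accessibility tool will trip one signal on its own, which is why only the combination is rated "high".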

In return for unlocking the device, the attackers demand a ransom of 0.0130 Bitcoins – around $73 at the time of writing because of the high valuation of the currency.


While this figure is low compared with other forms of ransomware, it’s likely the cyber criminals behind the scheme think that victims are more likely to pay a smaller amount in order to regain access to their phone or tablet.

A deadline of 24 hours for paying the ransom is issued by the attackers, who claim “Without [the software], you will never be able to get your original files back”.

For most, there’s only one way to rid the device of DoubleLocker without paying the ransom – and that’s via a factory reset, which will lead to all of the data which isn’t backed up being lost.

There’s a small chance that rooted Android phones can get past the PIN lock without being reset, but only if the device was in debugging mode before the ransomware was installed. If this is the case, the user can remove the system file where the PIN is stored, which allows the user to manually reset the device.

The best way for Android users to avoid falling victim to ransomware or other malware is to not install applications or software from third-party sites.

However, Google’s own Play Store isn’t bulletproof – the official market keeps out the vast majority of malicious apps, but some still slip through the net.

Henry Sapiecha


Tuesday, November 22nd, 2011

In the wrong hands, your gadgets could cost you big time

THE trend to go mobile hasn’t escaped the attention of the bad guys. They’re focusing more than ever on portable mobile devices as people shift from computers to hand-held gadgets.

We tend to leave a lot of sensitive & sometimes personal information lying around on our gadgets. Worse yet, we tend to stay logged in to many services. Imagine the havoc someone could wreak with access to your phone, email, calendar, financial records, online shopping, online banking, social networking and other services. Keep in mind that if it’s a business phone, you’re putting your organisation’s security at risk as well as your own.

Sophos head of technology for Asia Pacific, Paul Ducklin, warns it’s important to password-protect all your devices, particularly those that leave the house.

“In a recent Sophos survey, nearly one-quarter of people admitted they’d lost a device in the past year,” Ducklin says. “But of those, close to three-quarters hadn’t even bothered to lock their device at all.

“Their excuse is often that it’s inconvenient to unlock it every time – but that’s surely not as inconvenient as trying to reclaim your digital life after someone gets their hands on your unlocked phone.”

Installing mobile security software in your gadgets can offer the ability to track, remotely lock and even wipe your devices, adds Symantec spokesman David Hall. It’s a sensible precaution to stop your data falling into the wrong hands should a gadget be stolen or lost. Regularly backing up your smartphone to a desktop computer or an online service makes it easy to transfer your data to a replacement handset, while the lost device is reverted to its factory settings.

Smartphone owners should take great care when installing applications, Hall warns, as some have been modified to snoop around in your phone & cause you grief.

“The current trend is towards ‘Trojanised’ applications, with the majority targeting the Android platform,” Hall says. “These are legitimate apps that scamming authors have altered to include malicious code capable of harvesting data or opening a back door. In many instances, such apps still carry out their legitimate functions as a way of disguising their malicious behaviour.”

“You should always check permissions requests before installing new apps or app upgrades, to see what the app is allowed to do. It’s also important to check your phone bill regularly for unusual premium-rate calls or data charges, which can be a sign that something is wrong.”

Apple’s tight rules for vetting apps frustrate some users but it helps create a safer mobile computing environment for iGadgets.

Google’s more lax approach offers users and developers more freedom but leaves the door open for malicious applications. Google has already been forced to pull dozens of malicious mobile applications from the Android Market app store.

Android also allows users to install applications from sources other than Google’s official Android Market – presenting extra security threats. Microsoft has vowed to strike a balance between the two approaches with its Windows Phone 7 mobile operating system.

Sourced & published by Henry Sapiecha