A mobile strain of ‘ransomware’ targeting Android users has infected almost one million devices in the US in just 30 days.
The malware strain, called ScarePackage, has affected more devices in the US than a quarter of all malware did in all of 2013, Jeremy Linden, a product manager at mobile security firm Lookout, told the New York Times.
Kaspersky Lab estimated that nearly 100,000 new malicious programmes for mobile devices were detected in 2013 – more than double the 2012 figure. Almost all mobile malware, 98 per cent, detected in 2013 targeted Android devices and the majority of the strains created last year were designed for financial gain.
Ransomware, which has been targeted at PCs for at least five years, is picked up the same way as most malware, by enticing users into install a malicious app onto their phones from untrusted sources – often a porn site.
Once it’s on a device, it displays a message claiming to be the FBI or a security firm and accuses the user of an illegal activity. It then locks the person out until a ransom is paid.
Linden said other strains include ColdBrother, or Sypeing, and a new variant, ScareMeNot, which has gained access to 30,000 Android devices in three weeks, the NYT reported.
Because the attacks depend on social engineering tactics to attract users to download the malware, FireEye Labs’ Geok Meng Ong said, they have not yet spread as widely as PC variants.
Geok, the company’s director of security research, told Mobile World Live that on PCs browser vulnerabilities are often exploited to install malware without the user’s knowledge. “However, their successes on the PC and the ubiquity of mobile devices could drive the bad guys to develop improved Android versions quickly.”
The spread of ransomware will definitely pick up speed as cyber criminals take advantage mobile users’ carelessness.
FireEye CTO Bryce Boland said that because users store a lot of personal data on their phones, they are often willing to pay to recover them.
People are of course encouraged not to install apps from untrusted sources, but Boland stressed that users should also be wary when installing apps from the Google Play store as well.
“Many apps have hidden malicious behaviours, data privacy leaks or vulnerabilities that could lead to their personal or corporate data being stolen,” he said.