Share this article

Improve this guide

Microsoft warns against new ransomware attack on smartphones

2 min. read

Published onOctober 9, 2020

published onOctober 9, 2020

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

Mobileransomwareis the latest security danger known in the industry, and although it’s not new, it keeps evolving.

In arecent security report, the researchers in theMicrosoftDefender Team warn against new ransomware tricks used onAndroidsmartphones.

[…] We found a piece of a particularly sophisticatedAndroidransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms. […]The new variant caught our attention because it’s an advanced malware with unmistakable malicious characteristic and behavior and yet manages to evade many available protections, registering a low detection rate against security solutions.

This new ransomware type is calledMalLocker.Band just like any other malware version, it can be caught from randomwebsites or can come disguised as popular third-party apps, cracked games, or video players.

How does the new ransomware version behave?

How does the new ransomware version behave?

Unlikeother ransomware attacksthat abuse permission requests or launch annoying pop-up windows, the new techniques involve blocking the user on the home screen or on the details of an incoming call.

More specifically, first, the attack usesacallnotification to get the user’s immediate attention.

At this point, one might tap on the call and themalware willshow a window that covers the entire screen with details about the incoming call.

Then, the attack uses theonUserLeaveHint()function, which is triggered when the user wants to push back an app to open a new one and might go to the Home screen.

As the report shows, these tricks don’t trigger cascading windows that can make the user suspicious, and so the attack can continue at ease.

The full code of the attack is explained in the mentioned report.

These are new tricks and as a result, MalLocker.B has been included in the list of attacks monitored byMicrosoftDefender for Endpoint onAndroid.

What’s your intake on this topic? Share your opinion with us in the comments below.

[wl_navigator]

More about the topics:Ransomware

Sinziana Mihalache

Sînziana loves getting people to better understand products, processes, and experiences beyond a simple user guide, either in writing or making use of images. She joined the team after a long-term collaboration with one of the world’s top cybersecurity companies - Bitdefender. Outside work, Sînziana enjoys climbing mountains, backpacking around the world, and writing about almost anything on her blog.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Sinziana Mihalache