Help Net flagged an interesting instance of an exploit kit delivering Android.Locker ransomware to Android users – Exploit kit targets Android devices, delivers ransomware.
Bluecoat researchers happened across the ransomware – Towelroot and Leaked Hacking Team Exploits Used to Deliver “Dogspectus” Ransomware to Android Devices – when
Like some older ransomware, the self-labelled Cyber.Police doesn’t encrypt files: it simply locks the device, and demands that the victims pay a $200 fine in the form of two $100 iTunes gift cards. Bizarre, considering that the malware claims to represent an ‘American national security agency’ in true ‘FBI/Police virus’ fashion, though it’s hard to imagine that any of its victims believe it to be official. (However, there are plenty of places you can resell or exchange gift cards for something other than music.) Bluecoat calls it Dogspectus (presumably connected with the malware’s internal name net.prospectus?) but other companies name it as a variant of the Android.Locker family.
VirusTotal isn’t really intended or usable as a cast-iron way to track the security industry’s response to a threat. Still, it may be worth noting that although quite a few companies detect the .apk, detection for the Towelroot exploit executable is much sparser.
- Remove Cyber Police Virus Asking for $100 iTunes Gift Card on Phone/Tablet (YooCare, going back to December.)
- Net scum lock ancient Androids, force users to buy iTunes gift cards: Weirdo attackers shirk Bitcoin ransom for more easily cashed-out artefact (The Register)