Music-Loving Android.Locker Ransomware

Help Net flagged an interesting instance of an exploit kit delivering Android.Locker ransomware to Android users: “Exploit kit targets Android devices, delivers ransomware”.

Bluecoat researchers happened across the ransomware (“Towelroot and Leaked Hacking Team Exploits Used to Deliver ‘Dogspectus’ Ransomware to Android Devices”) when

…a test Android device in a lab environment was hit with the ransomware when an advertisement containing hostile Javascript loaded from a Web page.

Like some older ransomware, the self-labelled Cyber.Police doesn’t encrypt files: it simply locks the device, and demands that the victims pay a $200 fine in the form of two $100 iTunes gift cards. Bizarre, considering that the malware claims to represent an ‘American national security agency’ in true ‘FBI/Police virus’ fashion, though it’s hard to imagine that any of its victims believe it to be official. (However, there are plenty of places you can resell or exchange gift cards for something other than music.) Bluecoat calls it Dogspectus (presumably connected with the malware’s internal name net.prospectus?) but other companies name it as a variant of the Android.Locker family.

VirusTotal isn’t really intended or usable as a cast-iron way to track the security industry’s response to a threat, but it may be worth noting that although quite a few companies detect the .apk, detection for the Towelroot exploit executable is much sparser.

Further commentary:

David Harley

