[Also published on the Mac Virus blog, which also addresses smartphone security issues]
Not quite ransomware (though there is a suggestion that it may happen), but but my ESET Lukas Stefanko describes a fake lockscreen app that takes advantage of the currently prevalent obsession with Pokémon GO to install malware. The app locks the screen, forcing the user to reboot. The reboot may only be possible by removing and replacing the battery, or by using the Android Device Manager. After reboot, the hidden app uses the device to engage in click fraud, generating revenue for the criminals behind it by clicking on advertisements. He observes:
This is the first observation of lockscreen functionality being successfully used in a fake app that landed on Google Play. It is important to note that from there it just takes one small step to add a ransom message and create the first lockscreen ransomware on Google Play.
In fact, it would also require some other steps to enable the operators to collect ransom, but the point is well taken. It’s an obvious enough step that I’m sure has already occurred to some ransomware bottom-feeders. And it’s all to easy for a relatively simple scam to take advantage of a popular craze.
Clicking on porn advertisements isn’t the only payload Lukas mentions: the article is also decorated with screenshots of scareware pop-ups and fake notifications of prizes.
The ESET article is here: Pokémon GO hype: First lockscreen tries to catch the trend
Somewhat-related recent articles from ESET:
- Were you planning on downloading the Pokémon GO APK? Beware fake versions!
- Fake apps on Google Play tricked users into paying instead of delivering promised followers
Other blogs are available. 🙂