[…] We found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms. […] The new variant caught our attention because it’s an advanced malware with unmistakable malicious characteristic and behavior and yet manages to evade many available protections, registering a low detection rate against security solutions.
This new ransomware type is called MalLocker.B. Like any other malware version, it can be picked up from random websites or can come disguised as popular third-party apps, cracked games, or video players.
How does the new ransomware version behave?
Unlike other ransomware attacks that abuse permission requests or launch annoying pop-up windows, the new techniques block the user at the Home screen or at the details screen of an incoming call.
More specifically, the attack first uses a call notification to get the user’s immediate attention.
If the user taps on the call, the malware shows a window that covers the entire screen with details about the incoming call.
The attack then uses the onUserLeaveHint() callback, which Android invokes when an activity is about to go into the background because of a user action, such as pressing the Home key or switching to another app.
As the report shows, these tricks don’t trigger the cascading windows that can make the user suspicious, so the attack can continue unhindered.
The full code of the attack is explained in the mentioned report.
These are new tricks and as a result, MalLocker.B has been included in the list of attacks monitored by Microsoft Defender for Endpoint on Android.
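A static triage check for the combination of behaviours described above, as an added example that is not from the report or from this article. It assumes the app has been decompiled to Java text and that the call notification and the full-screen window are built with the standard setCategory and setFullScreenIntent notification APIs (only onUserLeaveHint() is named on this page); the sample sources and file names are constructed.

```python
import re

# Traits from the behaviour described above. Only onUserLeaveHint() is named on
# the page; setCategory/setFullScreenIntent are assumed to be how the call
# notification and the full-screen window are built (standard Android APIs).
TRAITS = {
    "leave_hint_override": re.compile(r"\bvoid\s+onUserLeaveHint\s*\("),
    "call_notification": re.compile(
        r'\.setCategory\s*\(\s*(?:"call"|(?:\w+\.)*CATEGORY_CALL)\s*\)'),
    "full_screen_intent": re.compile(r"\.setFullScreenIntent\s*\("),
}
COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)


def scan_app(sources):
    """Map each trait to the sorted files (decompiled Java text) that show it."""
    hits = {name: [] for name in TRAITS}
    for path in sorted(sources):
        code = COMMENTS.sub("", sources[path])  # skip matches inside comments
        for name, pattern in TRAITS.items():
            if pattern.search(code):
                hits[name].append(path)
    return hits


def is_suspicious(hits):
    """Flag for analyst review only when all three traits co-occur in one app."""
    return all(hits[name] for name in TRAITS)


# Constructed samples (not real apps): file path -> decompiled source text.
LOCKER_LIKE = {
    "a/LockActivity.java": "class LockActivity extends Activity {\n"
                           "  protected void onUserLeaveHint() { /* ... */ }\n}",
    "a/Notifier.java": 'b.setCategory("call").setFullScreenIntent(pi, true);',
}
VIDEO_PLAYER = {  # legitimate use: enter picture-in-picture when the user leaves
    "b/PlayerActivity.java": "class PlayerActivity extends Activity {\n"
                             "  // old: b.setFullScreenIntent(pi, true);\n"
                             "  protected void onUserLeaveHint() {\n"
                             "    enterPictureInPictureMode();\n  }\n}",
}

if __name__ == "__main__":
    for name, app in (("locker-like", LOCKER_LIKE), ("video player", VIDEO_PLAYER)):
        print(name, is_suspicious(scan_app(app)), scan_app(app))
```

An onUserLeaveHint() override on its own is common in legitimate apps such as video players, which is why the check requires all three traits before flagging an app for manual analysis.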