Wednesday, April 13, 2016

Mobile ransomware still active, still polymorphic, and still the same.

A post at Trend Micro shows a new variation of the same old mobile ransomware that has evaded AV engines for over two years. This Android ransomware is server-side polymorphic: the server hands out a differently built package over time and per download, so any hash-based detection of it will be ineffective.

There are some simple common-sense steps to avoid this type of malware:

  • Don't give any app device administrator access.
  • Don't install any app from a porn site that requires you to install it before viewing a video.
    • Android devices can play videos without needing a site-specific app.
  • Always check the download on VirusTotal before installing, or at least Google any link that seems a bit "fishy".
  • Try to stick to official app stores such as Google Play and Amazon.
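Two of the points above can be put side by side in code: a hash taken from one download says nothing about the next build the server hands out, while the device-administrator request the app has to declare in its manifest survives every repack. The following is an added example, not code from the Trend Micro post or from this blog. It constructs two fake "APKs" (plain zip files with a hand-written manifest, not the real sample) so it runs offline; the substring search over UTF-8 and UTF-16LE is an assumption about how a binary AndroidManifest.xml stores its string pool, and a real triage would use a proper AXML parser.

```python
"""Why hash matching fails on a server-side polymorphic APK, and what to
check instead: the device-admin indicator in AndroidManifest.xml.
Added example; the APKs built here are constructed stand-ins, not the real sample."""
import hashlib
import io
import zipfile

# An app that can ask to become a device administrator must declare a
# receiver guarded by BIND_DEVICE_ADMIN, and it normally handles the
# DEVICE_ADMIN_ENABLED action. Either string in the manifest is the indicator.
DEVICE_ADMIN_INDICATORS = (
    "android.permission.BIND_DEVICE_ADMIN",
    "android.app.action.DEVICE_ADMIN_ENABLED",
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_blocked(apk_bytes: bytes, blocklist: set) -> bool:
    """Hash-based detection: true only if this exact file was seen before."""
    return sha256_hex(apk_bytes) in blocklist


def manifest_contains(apk_bytes: bytes, needle: str) -> bool:
    """Binary AXML keeps its string pool in UTF-8 or UTF-16LE (assumption:
    a substring search over both encodings is enough for triage)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        manifest = z.read("AndroidManifest.xml")
    return needle.encode("utf-8") in manifest or needle.encode("utf-16-le") in manifest


def requests_device_admin(apk_bytes: bytes) -> bool:
    """Indicator-based detection: survives repacking because the manifest
    must keep these strings for the device-admin prompt to work at all."""
    return any(manifest_contains(apk_bytes, s) for s in DEVICE_ADMIN_INDICATORS)


def build_fake_apk(manifest_xml: str, padding: bytes) -> bytes:
    """Constructed stand-in for one server-side build: same manifest, a
    different junk asset, so the archive hash changes on every download."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", manifest_xml.encode("utf-16-le"))
        z.writestr("assets/junk.bin", padding)
    return buf.getvalue()


# Constructed manifests (hypothetical package names).
RANSOMWARE_MANIFEST = """<manifest package="com.example.fakeplayer">
  <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN">
    <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
  </receiver>
</manifest>"""

BENIGN_MANIFEST = """<manifest package="com.example.player">
  <activity android:name=".Main"/>
</manifest>"""


def demo() -> dict:
    first = build_fake_apk(RANSOMWARE_MANIFEST, b"\x00" * 16)
    second = build_fake_apk(RANSOMWARE_MANIFEST, b"\x01" * 16)  # the next download
    benign = build_fake_apk(BENIGN_MANIFEST, b"\x00" * 16)
    blocklist = {sha256_hex(first)}  # the one hash that made it into a feed
    return {
        "hash_blocks_first": hash_blocked(first, blocklist),
        "hash_blocks_second": hash_blocked(second, blocklist),
        "indicator_flags_first": requests_device_admin(first),
        "indicator_flags_second": requests_device_admin(second),
        "indicator_flags_benign": requests_device_admin(benign),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The second build is not on the blocklist even though nothing about its behaviour changed, which is the whole point of server-side polymorphism; the manifest indicator flags both builds and leaves the benign player alone. On a live device the equivalent check is whether the app is listed under Settings > Security > Device administrators, and the advice above is simply never to let it get there.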

A sample of the malware can be found at:

or on Virus Total:

As always, be careful with live malware.

Stay safe out there