Wednesday, April 13, 2016

Mobile ransomware still active, still polymorphic, and still the same.

A post by Trend Micro shows a new variation of the same old mobile ransomware that has thwarted AV engines for over 2 years. This Android ransomware is server-side polymorphic and will most likely yield a different variant over time and across downloads, so any hash-based detection of it will be ineffective.

There are some simple common sense steps to avoid this type of malware:

  • Don't give any app admin (device administrator) access.
  • Don't install any app from a porn site that requires you to install it before viewing a video.
    • Android devices can play videos without the need to install a specific app.
  • Always check the download in VirusTotal before installing, or at least Google any link that seems a bit "fishy".
  • Try to stick to official app stores such as Google and Amazon.


A sample of the malware can be found at:
hxxp://pulporn[dot]ru/porn54545/load.php

or on VirusTotal:
https://www.virustotal.com/en/file/441ba1d1d914e67ecd0c92ccebc7957da97f13692f466ba501a892f2f7c44671/analysis/1460542841/

As always, be careful with live malware.

Stay safe out there
-Ryan