Android users are being targeted by ransomware that delivers a fake FBI warning, says security firm Bitdefender.
Posing as an Adobe Flash player update, the malware downloads and installs on the device as a Video Player, displaying an error message when the user tries to run it.
It locks the device and private contents, displaying a sinister warning purporting to be from the FBI and demanding $500 to be paid via MoneyPak and PayPal MyCash transfers to restore access. Users who try to unlock their devices independently see the figure rise to $1,500.
The antivirus solutions provider claims to have detected over 15,000 spam emails originating from servers in Ukraine. The threat is Android.Trojan.SLocker.DZ, a prevalent breed of Android ransomware.
Bitdefender suggests that users with Android Debug Bridge (ADB) enabled will be able to programmatically uninstall the application. If the device supports it, users can also attempt to start the device in Safe Boot, which loads a minimal Android configuration and provides time to uninstall the malware manually.
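One way to act on the ADB removal route described above, as an added example that is not from Bitdefender or the original article: the article does not give the malware's package name, so this sketch lists third-party packages that were not installed by a trusted store, which is how a sideloaded fake "Video Player" would show up. The function names, the trusted-installer list and the sample package names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage sideloaded apps over ADB before uninstalling one.

# Installers treated as trusted (assumption: Google Play only; extend as needed).
TRUSTED_INSTALLERS="${TRUSTED_INSTALLERS:-com.android.vending}"

# Read `pm list packages -3 -i` output on stdin and print the names of
# packages whose installer is not in TRUSTED_INSTALLERS (sideloaded apps).
sideloaded_packages() {
    awk -v trusted="$TRUSTED_INSTALLERS" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        /^package:/ {
            sub(/\r$/, "")                  # adb shell output may carry CRLF
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "null"                   # no installer field means sideloaded
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (!(inst in ok)) print pkg
        }'
}

# Query a connected device (requires USB debugging to be enabled already).
list_sideloaded_on_device() {
    adb shell pm list packages -3 -i | sideloaded_packages
}

# Constructed sample of `pm list packages -3 -i` output, for offline use.
sample_pm_output() {
    cat <<'EOF'
package:com.example.notes  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.game  installer=com.android.vending
EOF
}

# Offline check:  sample_pm_output | sideloaded_packages
# On a device:    list_sideloaded_on_device
# Removal:        adb uninstall <package>
```

An installer of `null` only shows that an app was sideloaded, not that it is malicious, so confirm the package before running `adb uninstall <package>`.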
The company also advises that users never install applications from untrusted sources, regularly back up data, use an anti-malware solution on the device and use a filter to reduce spam emails.
"After pressing OK to continue, users see an FBI warning and cannot escape by navigating away," states Catalin Cosoi, Chief Security Strategist at Bitdefender. "The device’s home screen delivers an alarming fake message from the FBI telling users they have broken the law by visiting pornographic websites.
"To make the message more compelling, hackers add screenshots of the so-called browsing history. The warning gets scarier as it claims to have screenshots of the victims’ faces and know their location."
Catalin Cosoi continues, "Unfortunately, there is not much users can do if infected with ransomware, even if this particular strain does not encrypt the files on the infected terminal. The device’s home screen button and back functionalities are no longer working, and turning the device on/off doesn’t help either, as the malware runs when the operating system boots."