A link in an online forum advertises the best mobile app available, without any further information about its content, without a screenshot, without technical data. No IT professional would ever click such a link. Or would they? A large number of forum visitors did, and in doing so set off a new wave of Android ransomware.
Anatomy of a Ransomware Attack
Android/Filecoder.C is the name of the extortion Trojan whose rapid spread ESET has been observing since mid-July. The strategy of the ransomware is by now relatively clear: via malicious links posted in online forums, the ransomware first gained a foothold on a limited number of smartphones. The intention behind it is neither new nor original, but still effective and, above all, profitable for cybercriminals: data is encrypted, and the ransom is to be paid in Bitcoin. The attackers threaten to destroy all files. Removing the malicious app alone does not help either: the data remains encrypted. Only files in ZIP and RAR archives, files in cache and temp folders, and files larger than 50 MB or smaller than 150 KB are spared.
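As an added illustration, not part of the original article or of ESET's analysis, the following Python helper applies the exclusion rules quoted above to a constructed file inventory. This is the kind of triage an incident responder might do to estimate which files on an affected device were in scope for encryption and which the malware would have skipped. The article does not list which file types the malware does target, so everything not excluded is treated as in scope; the "tmp" folder marker, the binary reading of MB and KB, and the exact size boundaries (a file of exactly 150 KB or exactly 50 MB counts as in scope) are assumptions.

```python
from __future__ import annotations

import os

# Exclusion rules as described in the article. Sizes are in bytes and read
# as binary units (assumption). "larger than 50 MB" and "smaller than 150 KB"
# are taken literally: files of exactly those sizes are NOT spared.
MAX_SIZE = 50 * 1024 * 1024
MIN_SIZE = 150 * 1024
SKIPPED_EXTENSIONS = {".zip", ".rar"}
# "cache" and "temp" come from the article; "tmp" is an assumption that the
# common short spelling of temp folders is excluded as well.
SKIPPED_DIR_MARKERS = ("cache", "temp", "tmp")


def is_spared(path: str, size: int) -> tuple[bool, str]:
    """Return (spared, reason) for one file under the article's exclusion rules.

    Only directory components are checked for the folder markers, so a file
    called cache.db outside a cache folder is still in scope.
    """
    components = path.replace("\\", "/").split("/")
    directories = [part.lower() for part in components[:-1]]
    for directory in directories:
        for marker in SKIPPED_DIR_MARKERS:
            if marker in directory:
                return True, f"in a {marker} folder"
    extension = os.path.splitext(path)[1].lower()
    if extension in SKIPPED_EXTENSIONS:
        return True, f"{extension} archive"
    if size > MAX_SIZE:
        return True, "larger than 50 MB"
    if size < MIN_SIZE:
        return True, "smaller than 150 KB"
    return False, "in scope"


def triage(files: list[tuple[str, int]]) -> tuple[list[tuple[str, str]], list[tuple[str, str]]]:
    """Partition (path, size) pairs into in-scope and spared lists with reasons."""
    in_scope: list[tuple[str, str]] = []
    spared: list[tuple[str, str]] = []
    for path, size in files:
        was_spared, reason = is_spared(path, size)
        (spared if was_spared else in_scope).append((path, reason))
    return in_scope, spared


# Constructed sample inventory (not real device data): path and size in bytes.
SAMPLE_FILES = [
    ("/sdcard/DCIM/Camera/IMG_0001.jpg", 2_400_000),
    ("/sdcard/Download/report.pdf", 120_000),
    ("/sdcard/Download/backup.zip", 30_000_000),
    ("/sdcard/Android/data/com.example/cache/thumb.jpg", 900_000),
    ("/sdcard/Movies/holiday.mp4", 700_000_000),
    ("/sdcard/Documents/thesis.docx", 153_600),  # exactly 150 KB: in scope
]

if __name__ == "__main__":
    in_scope, spared = triage(SAMPLE_FILES)
    print("Likely encrypted:")
    for path, _ in in_scope:
        print(f"  {path}")
    print("Spared:")
    for path, reason in spared:
        print(f"  {path} ({reason})")
```

Run stand-alone, the script lists the two in-scope files (the camera image and the 150 KB document) and the reason each of the other four was skipped. Swap `SAMPLE_FILES` for an `os.walk` over an extracted device backup to triage a real case.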
Then phase 2 begins: the ransomware spreads on its own via SMS to the contact lists of the infected devices. Here the malware changes its strategy compared to the initial infection: the text messages claim, among other things, that private pictures of the recipient are being misused in a pornographic context, and thus raise the likelihood of rash, panicked reactions.
The Psychology of Extortion
Once again it becomes clear that IT security, and ransomware in particular, cannot be treated as a purely technical challenge: in a perfidious way, the malware hooks directly into psychological mechanisms. First it exploits human curiosity and carelessness to get installed, then it plays on the fears it has itself created to spread further.
Recent studies on mobile security
This current example illustrates that the "mobile security" problem is by no means solved. CrowdStrike's recently published Mobile Threat Landscape Report takes a closer look at the threat situation and, alongside mobile ransomware, identifies a number of other trends in this area: in particular, dubious app providers operating alongside popular platforms such as the Play Store are a source of danger. For cybercriminals, the theft of private data is often only a means to an end; at the end of the day, it is all about one thing: a direct route to the infected user's money. No wonder, then, that banking Trojans in particular are also on the rise in their mobile variants.
Over 94 million malicious apps
A G DATA study offers dizzying figures on the current threat situation: in the first half of 2019 alone, almost 2 million new malicious apps are said to have appeared, around 10,000 new ones every day. The total number of malicious apps is estimated at over 94 million.
This makes it all the more problematic that many smartphone users run outdated operating systems: according to G DATA, for two years now more than half of all Android users have been on outdated versions. It is downright scandalous that there are still smartphones on the market that ship with apps that security experts classify as malware.
The devil lies in application practice
There are two central reasons why mobile security poses such great challenges to companies. On the one hand, the mobile variants of popular security solutions still cannot compete with their "big brothers" on the desktop. On the other hand, the way mobile devices are used differs from desktop PCs: smartphones are practically everywhere. In the office, at home and on holiday. On secured networks as well as on public Wi-Fi. They are used for business calendars as well as for YouTube streaming and private chat messaging. Mobile devices are not just part of an IT network; they constantly switch between private and business use, and between network environments with very different security standards.
A solved problem?
All of this would have to be part of a mobile security concept, and the security industry has already made several promising proposals to minimize the risks. The solutions range from separate company and private phones to separately protected business data on a BYOD device. Practical experience shows, however, that the well-intentioned security approaches of IT departments still too often fail in the face of reality, and of employee carelessness.