Monday, June 23, 2014

“Doctor Web” names blockers and encoders for Android the trend of the season – KM.RU

The first representative of this class of threats was the encryption Trojan Android.Locker.2.origin

Three years ago, in 2011, experts at “Doctor Web” predicted the emergence and wide spread of extortion programs for Android. As can now be seen, this prediction has come true.

In late May of this year, antivirus companies began to detect the first encoder in history for Google Android, and by the middle of June 2014 the number and variety of extortion programs for this mobile platform had markedly increased.

The encryption Trojan Android.Locker.2.origin became the first representative of this class of threats. It can infect Android-based devices, and since May 22, 2014 antivirus software has detected it more than 20,000 times.

When this malware gets onto the victim's mobile device, it looks for files with the extensions .jpeg, .jpg, .png, .bmp, .gif, .pdf, .doc, .docx, .txt, .avi, .mkv and .3gp, and then encrypts them (the extension .enc is added). After that, the Trojan locks the device's screen and displays a message demanding payment of a ransom for decryption.


The AES algorithm is used for encryption, and the malware's command-and-control server resides on the TOR network, on a resource with the .onion pseudo-domain.

As can be seen, document files, images and video suffer from the actions of Android.Locker.2.origin. The encoder also steals and sends to the server various information about the infected device, such as the IMEI identifier.
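
A triage check built from the behaviour described above, as an added example that is not Doctor Web's code or part of the original article: it takes a file listing from a device's storage and reports files whose names end in one of the targeted extensions followed by .enc. It assumes .enc is appended after the original extension (the article only says the extension is added); the function names and sample paths are constructed for illustration.

```python
"""Flag files that look like Android.Locker.2.origin output in a storage listing."""
from collections import Counter
from pathlib import PurePosixPath

# Extensions the article lists as targeted by the Trojan.
TARGETED = {".jpeg", ".jpg", ".png", ".bmp", ".gif", ".pdf",
            ".doc", ".docx", ".txt", ".avi", ".mkv", ".3gp"}
ENC_SUFFIX = ".enc"  # extension the article says is added to encrypted files


def find_encrypted(paths):
    """Return paths named <name><targeted ext>.enc (case-insensitive).

    Assumption: .enc is appended after the original extension.
    """
    hits = []
    for raw in paths:
        suffixes = [s.lower() for s in PurePosixPath(raw.strip()).suffixes]
        if len(suffixes) >= 2 and suffixes[-1] == ENC_SUFFIX and suffixes[-2] in TARGETED:
            hits.append(raw.strip())
    return hits


def summarize(paths):
    """Count suspected encrypted files per directory and per original type."""
    hits = find_encrypted(paths)
    by_dir = Counter(str(PurePosixPath(p).parent) for p in hits)
    by_type = Counter(PurePosixPath(p).suffixes[-2].lower() for p in hits)
    return {"total": len(hits), "by_dir": dict(by_dir), "by_type": dict(by_type)}


# Constructed sample listing (for instance, saved output of a recursive file listing).
SAMPLE = """\
/sdcard/DCIM/Camera/IMG_0001.JPG.enc
/sdcard/DCIM/Camera/IMG_0002.jpg.enc
/sdcard/DCIM/Camera/IMG_0003.jpg
/sdcard/Download/report.pdf.enc
/sdcard/Download/backup.tar.enc
/sdcard/Movies/clip.3gp.enc
/sdcard/notes.enc
""".splitlines()

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(report["total"], "suspected encrypted files")
    for directory, count in sorted(report["by_dir"].items()):
        print(f"  {directory}: {count}")
```

Files ending in .enc whose original extension is outside the article's list (such as backup.tar.enc in the sample) are deliberately not counted, so the result reflects only the pattern the article describes.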

The company also noted the Trojan Android.Locker.5.origin, which is aimed primarily at Chinese users. According to the experts, this software was created not for the purpose of earning money but rather as a joke. The attackers simply decided to play a trick on their hapless victims.


Once run on the device, Android.Locker.5.origin blocks it and displays a message saying that the phone is being locked to get “some rest”, while a timer counting down 24 hours is shown at the bottom of the screen. At the end of the day the device is automatically unlocked.

Android.Locker.5.origin uses a system function of the Android platform to check the status of its process and restarts it automatically if it is stopped. It also prevents attempts to run any other applications on the mobile device. Android.Locker.5.origin has no other dangerous functionality.

This month the family of extortion Trojans was replenished with new threats, named Android.Locker.6.origin and Android.Locker.7.origin. These malicious programs target users in the U.S. and also block the mobile device's screen, then demand payment of a certain amount to unlock it.


These two Trojans are distributed disguised as Adobe Flash Player and request administrative rights during installation. They then imitate a scan of the device, block it, and display a message about the presence of illegal content. To unlock the device, the victim is required to pay $200 via MoneyPack.


Among other things, both Trojans steal address book data from the victim's device (names, phone numbers and email addresses), track incoming and outgoing calls, and can even block them. The collected information is, of course, sent to the attackers' command-and-control server.
