Android Ransomware Jumps Over 100% in 2017

Written by

Android ransomware detections increased by over 100% in 2017, as Zscaler spotted two new threats in the Google Play store masquerading as legitimate apps.

The 'Earn Real Money Gift cards' and ‘Bubble Shooter Wild Life' apps were both uploaded by the same author and may have had thousands of downloads already.

The former is actually a variant of the popular BankBot malware family, while the latter abuses Android's Accessibility permission to install additional apps without user's permission.

It uses a series of trick screens designed to con the user into making what they believe to be legitimate changes to Android accessibility and service settings, Zscaler revealed.

It also apparently features the Allatori obfuscator to protect the code from security controls and hide it from researchers.

“While the apps in this analysis are fairly new on Google Play with fewer than 5000 downloads, we are concerned about the increase in the availability of dubious apps in the store,” warned Zscaler. “As a first line of defense, we recommend that consumers also increase the caution with which they download apps.”

The news comes as new stats from Malwarebytes revealed a 138% increase in global Android ransomware detections from Q1 to Q2, with the top three families – Jisut, SLocker and Koler – accounting for 95%.

Overall malware on the Google ecosystem increased 5% since the beginning of the year, the firm claimed.

This contrasts with Nokia stats claiming a 63% increase in mobile device infections across all types of devices in the second half of 2016, versus the first half.

That report claimed infection rates hit an all-time high in October 2016 of 1.35% of all devices, with Android (81%) continuing to be the prime target.

Kaspersky Lab stats issued in February pointed to an increase of over 50% in Android ransomware over the previous year.

What’s hot on Infosecurity Magazine?