Microsoft finds dangerous ransomware: Know what it is, how is it dangerous?

Reported by: IANS New Delhi Published : Oct 09, 2020 18:20 IST, Updated : Oct 09, 2020 18:20 IST

Microsoft has discovered sophisticated mobile Android ransomware with novel techniques and behaviour, evading many available protections and registering a low detection rate against security solutions. Called AndroidOS/MalLocker.B, the mobile ransomware is the latest variant of a ransomware family that's been in the wild for a while but has been evolving non-stop.

"This ransomware family is known for being hosted on arbitrary websites and circulated on online forums using various social engineering lures, including masquerading as popular apps, cracked games, or video players," Dinesh Venkatesan from Microsoft Defender Research team said in a security blog post on Thursday.

As with most Android ransomware, this new threat doesn't actually block access to files by encrypting them. Instead, it blocks access to devices by displaying a screen that appears over every other window, such that the user can't do anything else.

"The said screen is the ransom note, which contains threats and instructions to pay the ransom," Microsoft said.

This new mobile ransomware variant is an important discovery because the malware exhibits behaviours that have not been seen before and could open doors for other malware to follow.

"It reinforces the need for comprehensive defence powered by broad visibility into attack surfaces as well as domain experts who track the threat landscape and uncover notable threats that might be hiding amidst massive threat data and signals," Microsoft researchers explained.

In the past, Android ransomware used a special permission called "SYSTEM_ALERT_WINDOW" to display its ransom note. Apps that have this permission can draw a window that belongs to the system group and can't be dismissed. No matter what button is pressed, the window stays on top of all other windows.

"The notification was intended to be used for system alerts or errors, but Android threats misused it to force the attacker-controlled UI to fully occupy the screen, blocking access to the device. Attackers create this scenario to persuade users to pay the ransom so they can gain back access to the device," Microsoft explained.
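A defender-side check for the overlay permission described above, added here as an example and not taken from Microsoft's post: it reads decoded AndroidManifest.xml text and reports which packages request SYSTEM_ALERT_WINDOW. The package names and both manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
OVERLAY_PERMISSION = "android.permission.SYSTEM_ALERT_WINDOW"
# Both manifest elements can declare a permission request.
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Constructed sample manifests (decoded text form), not real apps.
SAMPLE_MANIFESTS = [
    """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
                 package="com.example.videoplayer">
         <uses-permission android:name="android.permission.INTERNET"/>
         <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
       </manifest>""",
    """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
                 package="com.example.notes">
         <uses-permission android:name="android.permission.INTERNET"/>
       </manifest>""",
]


def requested_permissions(root):
    """Return the set of permission names declared under a manifest root."""
    names = set()
    for tag in PERMISSION_TAGS:
        for node in root.iter(tag):
            # android:name is a namespaced attribute in the decoded XML.
            name = node.get(f"{{{ANDROID_NS}}}name")
            if name:
                names.add(name.strip())
    return names


def triage(manifests):
    """Map package name -> True when the app requests the overlay permission."""
    report = {}
    for xml_text in manifests:
        root = ET.fromstring(xml_text)
        package = root.get("package", "<unknown>")
        report[package] = OVERLAY_PERMISSION in requested_permissions(root)
    return report


if __name__ == "__main__":
    for package, flagged in triage(SAMPLE_MANIFESTS).items():
        print(f"{package}: {'requests overlay permission' if flagged else 'ok'}")
```

Legitimate apps also request this permission, so a hit is a reason to review an app from an untrusted source, not a verdict on its own.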

To adapt, Android malware evolved to misuse other features, but these aren't as effective.

"The new Android ransomware variant overcomes these barriers by evolving further than any Android malware we've seen before."

Microsoft Defender for Endpoint on Android, now generally available, extends industry-leading endpoint protection to Android. The company said that it detects this ransomware (AndroidOS/MalLocker.B), as well as other malicious apps and files using cloud-based protection powered by deep learning and heuristics, in addition to content-based detection.
