Smartphone Ransomware Is a Looming Threat
Newly discovered malware threatens to open your Android phone's data to a black-market auction … unless you pay up by bitcoin
Imagine turning on your smartphone to send a text and finding this threatening notice instead:
“You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc. . . We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.”
This is the message, word for word, found recently by Oren Koriat and Andrey Polkovnichenko, a pair of mobile cybersecurity analysts at Check Point, a security firm in California. The smartphone on which it appeared was an Android model that had been compromised by smartphone ransomware.
Ransomware has become a ubiquitous threat to personal-computer users. Criminals remotely access a victim's computer and lock all the files using encryption software, offering to unlock the data in exchange for a payment. The first ransomware attack on a phone occurred in 2013, according to the Check Point researchers, but until now such attacks have been confined to small numbers of victims, primarily in Eastern Europe. Now, the company says, the threat has gained a toehold in the United States.
From Russia With Malice
Ransomware attacks on mobile phones are still relatively rare.
One well-known case involved users of pornography apps in Eastern Europe who were targeted by ransomware called DataLust, Check Point says. In those cases, the ransom was set at 1,000 rubles, or about $15.
There's evidence that Charger, too, comes from Eastern Europe—beyond the clichéd bad grammar of the ransom note. "Charger checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus," Koriat wrote on Check Point's website. "This is likely done to keep the developers from being prosecuted in their own countries or being extradited between countries."
Ransomware attacks are joining a growing list of threats to mobile phone security. Malware called Gooligan was in the news in December after it was discovered loading unwanted apps onto smartphones as part of a mobile-marketing scam. A disturbing aspect of that crime was that copies of the malware were uploaded to victims' Google accounts. That way, if the victim restored a phone to its factory settings, then downloaded photos and other data backed up in the cloud, the phone would be reinfected.
“The bad guys are always looking for ways to monetize attacks, and sometimes it's ransomware, sometimes it's theft of IP [intellectual property], sometimes it's ad fraud, and sometimes it's botnets for denial of service,” says Jason Hong, an associate professor of computer science at Carnegie Mellon University. “Basically, what we've seen on desktop computers, but now migrating over to smartphones.”
How to Protect Yourself
There are a few ways a consumer can try to stay safe from this threat, Check Point experts say.
- First, be careful about clicking on unknown links, whether in emails or texts.
- Download apps only from Google Play. Yes, Charger slipped through Google's defenses, but the company's app store remains a much more trustworthy source for Android apps than third-party sites.
- Keep your device updated with both the latest operating system and the newest versions of mobile apps, in which known vulnerabilities have been fixed.
- If you're really concerned, consider using an iPhone. Android phones are more vulnerable to attack, some researchers say, because of the open-source nature of the operating system. Apple can quickly push security updates to all iPhones; Google doesn't have that control over most Android devices, other than its own Nexus and Pixel phones.