A new kind of Android ransomware is discovered in the wild. The speciality of this one is very scary and noteworthy. It is, no antivirus program has managed to find it.
Researchers from Zscaler ThreatLabZ have discovered the new ransomware in a very popular app called “OK,” which is a Russian entertainment social network app. This legitimate app that’s available in the Google Play Store, with nearly 50 and 100 million installs, is very perfectly clean and does not contain any kind of malicious code. It’s alternative which is found on third-party app stores the dangerous one here.
The ransomware has some other extra features to make you feel safe. For example, after you have installed this malicious app, the malware does not act immediately as most such tools often do. Instead, it stays dormant for four hours, allowing the phone to work as it regularly does, and even app will work just like it is supposed to.
After four hours, the app prompts the users to add a device administrator, which allows the app to change the screen unlock password, lock the screen, monitor screen-unlock attempts and set lock-screen password expiration time. Of course, this sounds very suspicious so the users might very well tap “cancel.”
Even if that happens, the prompt will appear again quickly, preventing the user from taking any another action or even uninstalling the app. If the user gives in and agrees to give the app admin powers, the ransom note will appear on the screen. Attackers demand a 500 rubles as payment, which is close to $9,000.
“We analysed the sample further to understand whether the malware actually sends a user’s data to a server. We didn’t find any personal data leak as claimed by the ransomware and were not surprised when we found that the ransomware is NOT capable of unlocking the user’s phone,” the researchers note.