New Versions of Android-Targeting Banking Malware Likely All Contain Ransomware

January 27, 2017

Some experts believe that the current online banking Trojans that target Android devices are equipped with ransomware-like capabilities. In fact, researchers are finding that many of them have a primary purpose of acquiring banking credentials and only activate the ransomware features when initial methods such as phishing fail.

Examples of recent Trojans that do this are Tordow, FantaSDK and Svpeng. These last two possessed the ability to lock the user’s screen and poke around in the background for the credentials, hoping the user would be too busy trying to unlock the screen to notice they were being robbed simultaneously.

However, the developers of these Trojans are also adding the ability to encrypt the data, so that the Trojans can be used as true ransomware, according to analysts at Kaspersky.

Some good news, if there is any to be found, is that holding the device or data for ransom is used as a last-ditch effort to snatch your cash if the criminal is not able to drain your account by stealing your login credentials. One way or another, the cyber thieves will try to get your money.

There are many ways you can avoid having to pay ransom to get your devices unlocked.

First, always be aware of phishing attacks and don’t fall for them. Unexpected links and attachments, regardless of how they arrive or from whom, should always be met with suspicion. If you cannot be 100% sure it’s safe, don’t click it.

Create regular backups of your devices so that should you get hit with ransomware, you can quickly restore from a recent copy. This will keep your money in your pocket and not in that of a cyber thief. Make sure those backups are stored in a separate location from the devices you are backing up, preferably on a separate drive, network, or in the cloud. In fact, the appeal of holding mobile devices for ransom is diminished because many users back up their data to the cloud, rendering any extortion attempt a futile activity.

Keep anti-malware and anti-virus software and apps installed and updated on all your devices. These act as a second line of defense after your own knowledge of how to avoid becoming a victim of phishing.

There is more good news. The developers still have work to do in order to get mobile ransomware to be as sophisticated as it is for desktops. However, it is coming. In addition, according to analyst Roman Unuchek of Kaspersky, a recent version of the Faketoken Trojan already has such ransomware features, but fortunately rarely deploys them. Faketoken targets more than 2000 financial institution apps all around the world.

The first Trojan to have this ransomware-like technology was the previously mentioned Svpeng. It has been around a while, but was recently found lurking in online advertising. The attackers placed it there by exploiting a zero-day flaw in the Chrome browser. More recent examples of dangerous Android-targeting Trojans include Android.SmsSpy and FantaSDK.

© Copyright 2017 Stickley on Security