Android malware and viruses
Android-based malware is a new threat that affects countries all over the world. One of the most popular forms of Android malware, belonging to the ransomware category of infections, uses trojan horses to lock an Android phone, encrypt files on the SD card, and display a screen that attempts to persuade victims to pay a ransom in order to unlock their phones and/or decrypt their files; however, there is no easy procedure to retrieve encrypted files.
A common message displayed by Android ransomware is detailed below:
WARNING your phone is locked! The device is locked for viewing and distribution child pornography , zoophilia and other perversions. To unlock you need to pay 260 UAH. 1. Locate the nearest payment kiosk. 2. Select MoneXy 3. Enter XXXX. 4. Make deposit of 260 Hryvnia, and then press pay. Do not forget to take a receipt! After payment your device will be unlocked within 24 hours. In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!
If you have received a message on your Android phone claiming to be from the Police, FBI, or other establishment, please note that you are not in any trouble. This is a very common scam similar to the FBI virus we are credited with discovering in 2012, and paying the fine will not help.
Other Android malware is found in the scareware or rogue software category. These programs may promote themselves as legitimate antivirus solutions for Android smartphones, but instead they primarily siphon user information and files saved on the phone’s SD card. Some of these programs are defined as proof-of-concept apps that have not yet been identified by Google and can even be found in the Google Play App store.
How does an Android phone get infected with malware?
There are many ways an Android smartphone can become infected with malware and viruses:
- Some malicious applications are available in the Google Play App store, including fraudulent games. These apps look for images, documents and videos to encrypt. After encrypting the files, the apps rename their file extensions to .enc. The apps have a C&C (command and control) server on the Tor network and collect information about the phone (IMEI, OS, phone model, manufacturer) to send to the C&C server.
- Text spam containing malicious links.
- Email spam containing malicious links.
- Advertisements on questionable websites.
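The first item above says the ransomware leaves files with a .enc extension. The following added example (not code from this page) triages a copy of the SD card for such files and uses byte entropy to separate files that look encrypted from files that were only renamed. It assumes the card's contents have been copied to a directory on a computer; the function names, the 7.0 bits-per-byte threshold and the sample files are constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

SAMPLE_BYTES = 4096          # how much of each file to sample
ENTROPY_THRESHOLD = 7.0      # bits per byte; assumed cut-off for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def triage_enc_files(root: str) -> list[dict]:
    """Walk root and report every file whose name ends in .enc."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".enc"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            entropy = shannon_entropy(sample)
            findings.append({"path": os.path.relpath(path, root), "entropy": round(entropy, 2),
                             "likely_encrypted": entropy >= ENTROPY_THRESHOLD})
    return findings

def build_sample_tree(root: str) -> None:
    """Create constructed sample files standing in for a copied SD card."""
    os.makedirs(os.path.join(root, "DCIM"))
    with open(os.path.join(root, "DCIM", "photo1.jpg.enc"), "wb") as fh:
        fh.write(os.urandom(SAMPLE_BYTES))       # random bytes mimic ciphertext
    with open(os.path.join(root, "DCIM", "notes.enc"), "wb") as fh:
        fh.write(b"plain text, only renamed\n" * 50)
    with open(os.path.join(root, "DCIM", "photo2.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 64)  # untouched file, not reported

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sd_copy:
        build_sample_tree(sd_copy)
        for item in triage_enc_files(sd_copy):
            print(item)
```

A low-entropy .enc file is worth opening in a viewer after restoring its original extension, since it may not have been encrypted at all.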
How to remove malware from Android Phones
There are currently no easy solutions to retrieve encrypted files associated with Android ransomware infections; however, there are security applications that can potentially block an attack from occurring, like Mobile Security & Antivirus by ESET and Kaspersky Internet Security for Android (http://www.kaspersky.com/products/home/mobile-security).
In some cases an Android user can simply uninstall the unwanted program through the common uninstall procedure based on the model of the smartphone.