Android Devices Become New Target of Ransomware Scams

Criminals have created programs that masquerade as antivirus apps, but instead of defending the system, they lock up the smartphone until the victim pays a ransom.

Criminals have begun targeting smartphones with software that locks up the devices until the victims pay a ransom to get the unlock code, security firm Symantec stated in a brief analysis of the malware.

Known as ransomware, the scam has typically targeted personal computers, where it has become a profitable way for cyber-criminals to fleece consumers whose computers are not adequately protected against these scams.

Now, the aggressive fake antivirus scam has spread to mobile devices as well, Symantec stated in a blog post. A program called Android Defender—not related to a legitimate program of the same name—infects the victim's device by using a fake installer and then appears to do a scan, finding a number of critical security issues. If the user does not buy the program, it will eventually make the device unusable, said Kevin Haley, director of product management of Symantec's security response group.

"It is ransomware because it won't give you your phone back until you pay for it," he told eWEEK. "It won't let you start other apps, and keeps throwing up pop-up dialog boxes and notifications."

Ransomware evolved from fake antivirus scams—also known as scareware—which uses JavaScript on Web sites to pretend to scan a visitor's system and, unsurprisingly, find a large number of security issues. The software would offer to clean up the infection after installation, but once installed, asked for $30 to $100 as a subscription fee to the software.

Ransomware takes that scam one step further, locking up the system entirely until the user pays up, with ransom demands varying from $200 to $500. In November 2012, for example, Symantec found one ransomware campaign that could earn its criminal operators more than $30,000 a day. On the PC, ransomware typically corrupts system files or encrypts the user's data to make the PC unusable unless the victim pays. Many ransomware scams use the name and logos of national law-enforcement organizations to scare the victim and dissuade them from reporting the crime to the authorities.

Android Defender appears closer to the original fake antivirus scams of a few years ago, using false detections and pop-up dialog boxes to convince the user to part with nearly $100, says Haley. The program has problems as well. On some devices, it locks up the system; on other devices, the user can recover control of the system; and in still other devices, it crashes the system.

"In some cases, users may not even be able to perform a factory data reset on the device and will be forced to do a hard reset, which involves performing specific key combinations and/or connecting the device to a computer in order to perform a reset using software provided by the manufacturer," Symantec said in a statement.

Any affected phone can be fixed by flashing the device with the original factory firmware, which in most cases, must be done by an authorized dealer.

While Symantec and other antivirus vendors recommend that users install security software on their phones, nearly all Android malware—except in a few isolated cases—can be avoided by downloading applications from official app stores, such as Google Play.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...