A Lethal Combination: Android and Ransomware

Ransomware attacks have surged during the COVID-19 pandemic, especially in the healthcare, government, and education sectors. These attacks usually rely on desktop malware. Recently, however, attackers have moved onto another platform: Android phones.

What’s happening?

New research from Microsoft revealed that a sophisticated Android ransomware strain has added unique TTPs to its arsenal. New capabilities include a novel ransom note delivery system, detection evasion, and an ML component that can be tweaked for various devices.

What does this imply?

This new strain of Android ransomware displays behaviors that have not been exhibited before, which could pave the way for other malware. Moreover, the capabilities of this variant show that attackers are continuously sidestepping technological hurdles and finding creative ways to achieve their goals.

Other Android threats

  • In addition to Windows, the IPStorm botnet has now evolved to target Android devices, specifically those with exposed Android Debug Bridge (ADB) ports.
  • A critical Android camera vulnerability tracked as CVE-2020-2234 could allow hackers to take over a victim’s camera and gallery, record videos, and gain location access.
  • Earlier this year, COVID-themed ransomware attacks were uncovered in Canada. Known as CryCryptor, the campaign was posing as the official COVID-19 tracing app.

The bottom line

Android malware is usually propagated by making it appear similar to popular apps, games, or video players. The quickest and simplest way to avoid downloading malicious apps is to ensure that apps are downloaded from trusted sources, such as the Google Play Store. However, as seen with the success of PC-based malware, this is just the starting point for Android malware, which is expected to rise in the future.