
CryptoLocker may have moved to the mobile platform

Within the past year, news has quickly spread about CryptoLocker, a malware sample that infected desktops across the country and the globe. This attack strategy - which has been dubbed the Menace of the Year by security researchers - may have become even more dangerous lately with a cross-platform jump to mobile devices.

What is CryptoLocker?
With the exception of individuals who may have been living tech-free for the past few months, nearly every user has been warned about the effects of CryptoLocker. The malware has attacked computers belonging to all types of users, individuals and organizations alike.

When a machine is infected with CryptoLocker, or another ransomware variant, a notification appears alerting the device owner that their files have been encrypted and that access cannot be regained until the ransom is paid for the decryption key. Previously, the sample, which first emerged in September 2013, was seen on all Windows versions but had not gone beyond that, reported Bleeping Computer's Lawrence Abrams. The malware pushed users to pay a ransom, which varied but typically fell between $100 and $300. However, those who paid saw differing results: some received the decryption key and had their files returned, while others remained locked out of their personal records.

CryptoLocker on Android?
Recent reports have stated that CryptoLocker may be broadening its attack horizon by moving to the mobile platform, namely aiming for Android devices. According to ZDNet, a cybercrime gang posted an advertisement for a CryptoLocker variant that could infect devices running the Android operating system. While no active infections have been reported, experts are still warning users of the emerging threat.

In order for a CryptoLocker infection to take hold of an Android smartphone or tablet, the user has to download the APK file, disguised as a pornographic application. This approach is similar to many phishing attacks that attempt to dupe victims into willingly - yet unsuspectingly - downloading the malware themselves.

"If I'd said it once, I've said it a thousand times, never download Android apps from third-party sites of any sort and don't, no matter what operating system you're running, download programs from porn sites," wrote ZDNet contributor Steven Vaughan-Nichols.

However, those who do download the "porn program" will receive an immediate notification stating that they have been found to have viewed child pornography or another type of illegal, distasteful content. The alert also warns the individual that he or she will be sentenced to five to 11 years behind bars unless the user pays the $300 ransom through MoneyPak.

While this sample seems to be leveraging the CryptoLocker attack style, security researchers noted that the malware is probably not actually encrypting files. Instead, it is exploiting users' fears of ransomware for profit.

"At this time, it's unclear if this malware, labeled Koler.A, really is a port of CryptoLocker or simply a malware program using the infamous ransomware name in vain," Vaughan-Nichols wrote.

It is, however, still a threat, as antivirus programs have not yet released a patch or fix for the infection. Users have found that quickly deleting the program icon may remove the infection. This must be done within five seconds and before the warning alert appears.
