Android Ransomware Appears Targeting Users in Asia: BitDefender

The type of malware threats targeting Google Android devices is diversifying, according to new research from security firm BitDefender.

According to the company, ransomware has been spotted targeting Android users in Asia. Made to look like an anti-malware program, Android.FakeAV.C looks to trick users into downloading it, and then demands payment to restore the user’s control of the device.

“We are not surprised to see Android ransomware showing up in our reports, as it has been emulating the behavior of PC malware for quite a while,” said Liviu Arsene, security researcher at Bitdefender. “From Trojans that steal credentials to banking Trojans, Android threats are mirroring PC malware in both behavior and complexity.”

The Android.FakeAV malware family has been largely reported in India (32.7 percent), with Indonesia (15.9 percent) and Malaysia (6.96 percent) coming in second and third in terms of the number of detections. According to BitDefender, the malware appears to target countries where users download apps from third-party marketplaces, luring them with the promise of an effective antimalware solution. However, Arsene said, it is also possible for users to be infected through drive-by attacks.

Last month, researchers at Symantec also noted the appearance of ransomware targeting Google Android.

“The increased level of sophistication and its similarity with PC ransomware might suggest that Android malware coders are branching out,” according to the report. “Emulating the behavior of PC malware on Android is no novelty, as we have seen in the past how adware gained traction and evolved on the mobile OS. The FakeAV malware family also includes the Android.FakeAV.B detection, which is a fake anti-malware solution that poses as legit. It even shares the same scanning engine as a legitimate Android security solution. Also posted in Google Play for a short while, its purpose was to steal sensitive information and send it to a remote machine.”

So far, the number of reported threats is very low, Arsene told SecurityWeek; however, the fact “that we’re seeing this type of malware emerging on Android is something that stands out.”

“Android malware coders could be testing the potential of a new type of threat,” he said.

Other, more familiar malware names also appeared in the report, such as Zitmo. Most Zitmo reports came from China (44.65 percent). Germany came in second (14.47 percent), while the U.S. was home to 5.03 percent of Zitmo reports.
