The Stack Archive

Bogus FBI ‘porn warning’ scares Android users into ransomware trap

Tue 26 May 2015

Cybercriminals have been targeting Android users in a new ransomware campaign [Romanian] which poses as an email from the FBI warning against viewing porn online.

Romanian security software firm Bitdefender suggests that as many as 15,000 spam emails including zipped attachment files were sent to Android customers over the past few days. The attack is thought to have originated in Ukraine.

If the files were opened, users were faced with a ransom note demanding $500 to restore full access to their system. The note went on to threaten that users who tried to unlock their devices would be charged up to $1,500. Payment was requested via PayPal My Cash or MoneyPak.

The ransomware was disguised as an Adobe Flash Player update – a frequent façade used in hacking attacks.

“After pressing ‘OK’ to continue, users see an FBI warning and cannot escape by navigating away,” explained Catalin Cosoi, chief security strategist at Bitdefender.

“The device’s home screen delivers an alarming fake message from the FBI telling users they have broken the law by visiting pornographic websites. To make the message more compelling, hackers add screenshots of the so-called browsing history. The warning gets scarier as it claims to have screenshots of the victims’ faces and know their location,” she added.

The security experts identified the malware as Android Trojan SLocker-DZ, a member of one of the most widespread ransomware families attacking Android users. Those behind the attack regularly create new variants. Bitdefender has detected this spam across servers in several different domains, including .edu, .com, .org and .net.

“Unfortunately, there is not much users can do if infected with ransomware, even if this particular strain does not encrypt the files on the infected terminal. The device’s home screen button and back functionalities are no longer working, and turning the device on/off doesn’t help either, as the malware runs when the operating system boots,” Cosoi continued.

Bitdefender advises that if users enable ADB (Android Debug Bridge) on their infected device, they can manually uninstall the malware app. Users can then try to reboot their device in Safe Boot.
