Track Common Adversary Tasks Performed Using AndroidOS/MalLocker.B

 





To know more about it, you can go through my detailed document by clicking here







Overview

AndroidOS/MalLocker.B is ransomware that targets Android devices and is easily available for download on various online forums and third-party websites. It doesn't actually corrupt the victim's files; it only blocks access to the rest of the phone by showing a ransom note, generally designed to look as if the local police are telling the victim that they have committed a crime and should pay a fine. This is one of the most popular forms of ransomware on Android devices.

How does it work?

In order to show the ransom note, this ransomware uses two mechanisms:
  • Firstly, it abuses the "call" notification by showing a window that usually covers the entire screen with details of the incoming call.

  • Next, it abuses the "onUserLeaveHint()" function to keep its ransom note in the foreground and prevent the user from leaving it.
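
A triage heuristic for the two mechanisms above, as an added example that is not part of the original post or of any vendor's detection logic: it scans decompiled Java sources for a call-category notification together with an onUserLeaveHint() override. It assumes the full-screen call window is raised through Android's setFullScreenIntent() API; the file names and sample sources are constructed.

```python
import re

# Indicators for the two mechanisms described above. Each is a legitimate
# Android API on its own; the combination inside one app is what stands out.
# Assumption: the full-screen call window is requested via setFullScreenIntent().
INDICATORS = {
    "call_category": re.compile(r'setCategory\(\s*(?:"call"|(?:\w+\.)*CATEGORY_CALL)\s*\)'),
    "full_screen_intent": re.compile(r'\.setFullScreenIntent\s*\('),
    "leave_hint_override": re.compile(r'\bvoid\s+onUserLeaveHint\s*\(\s*\)\s*\{'),
}

def scan_app(sources):
    """sources: {file name: decompiled Java text}. Returns {indicator: [files]}."""
    hits = {name: [] for name in INDICATORS}
    for path, text in sources.items():
        for name, pattern in INDICATORS.items():
            if pattern.search(text):
                hits[name].append(path)
    return hits

def verdict(sources):
    """'review' only when every indicator appears somewhere in the same app."""
    hits = scan_app(sources)
    present = {name for name, files in hits.items() if files}
    return "review" if present == set(INDICATORS) else "no-match"

# Constructed samples (not taken from any real app).
DIALER = {"CallService.java": '''
    builder.setCategory(Notification.CATEGORY_CALL).setFullScreenIntent(pi, true);
'''}
PLAYER = {"PlayerActivity.java": '''
    @Override protected void onUserLeaveHint() { enterPictureInPictureMode(); }
'''}
SUSPECT = {
    "a/b.java": 'b.setCategory("call"); b.setFullScreenIntent(p, true);',
    "a/c.java": 'protected void onUserLeaveHint() { super.onUserLeaveHint(); this.a(); }',
}

if __name__ == "__main__":
    for name, app in (("dialer", DIALER), ("player", PLAYER), ("suspect", SUSPECT)):
        print(name, verdict(app), scan_app(app))
```

A dialer or a video player legitimately uses one of these APIs, so only the combination is flagged, and a hit is a reason for manual review rather than a verdict.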

Features

According to Microsoft's researchers, it is the most evolved ransomware to date because:
  1. It uses the latest techniques, such as abusing the "call" notification, to show the ransom note.
  2. It uses the latest obfuscation techniques to prevent detection by various security practices.
  3. It also includes futuristic code from an open-source machine-learning module that can automatically resize and crop images according to the screen size.

Prevention

You can protect your Android devices with the help of the following methods:
  • In-built Security Features- These settings can help a lot in restraining threat actors in many ways, such as locking the idle device and requiring a password to wake it up, or using the fingerprint scanner so that access is difficult for any stranger.

  • Disable Automatic WLAN Connection- Automatic access to connections such as the hotspots of internet cafes or airports can pose greater security risks, mainly for corporate users.

  • Installing the Apps from Android Market- Although this method cannot guarantee the safety of your device, it does reduce the risks related to it.

  • Carefully Assigned Permissions- As suggested above, this malware seeks access rights to all the information on a smartphone in order to fully control it; hence, if an app asks for such permissions, it's definitely suspicious.

  • Install Security Apps- Regular system updates are required to update your device's existing protection mechanisms and protect it from attackers.









