This sophisticated ransomware kidnaps data on Android phones

tech.hindustantimes.com:

According to a report published by Microsoft's 365 Defender Research Team on October 8, ransomware has undergone a new evolution. The report stated that the research team had found a piece of particularly sophisticated Android ransomware with “novel techniques and behaviour” that exemplified the “rapid evolution of mobile threats” observed, writes PhoneArena.

This particular mobile ransomware, which was detected by Microsoft Defender for Endpoint “as AndroidOS/MalLocker.B” has been out in the wild for a while and has been constantly evolving.

MalLocker.B is known to be hosted on random websites and is circulated via online forums and uses various social engineering lures. It often “masquerades” as popular apps, cracked games or video players, as per reports.

One of the versions particularly caught people's attention since it was advanced malware with “unmistakable malicious characteristic and behaviour” but yet it managed to evade most of the available protections and had a low detection rate against many security solutions.

Ransom is demanded in the form of an instruction note that blocks access to your mobile phone's display. The older versions of ransomware would rely on a permission called “SYSTEM_ALERT_WINDOW” that shows a pop-up window that cannot be dismissed or closed.

Also Read: Ransomware alert: Microsoft has a warning for all Android phone users

Designed originally for actual system alerts/errors, this permission feature was hijacked by bad actors and the UI was controlled by the hackers to cover the entire device screen instead of a small portion - rendering the whole screen unusable. This blocks the victims from being able to access their device and the only option they have is to pay up.

To fight this, Google