The large number of devices out there means that Android is becoming an increasingly popular target for malware writers. Ransomware which has previously been a mainly Windows problem is becoming an issue too.
The latest piece of malware discovered by mobile security specialist Lookout attempts to extort money with a scary message claiming to be from the FBI. It claims the user has broken the law by visiting pornography and child abuse websites.
Called ScarePakage, the malware masquerades as well-known apps, like Adobe Flash and a number of anti-virus applications, and pretends to scan your phone when launched. After completing the fake scan it locks your device. You can't navigate away and if you try to reboot, the FBI message will be the first thing you see when you turn back on.
It demands several hundred dollars in the form of a MoneyPak voucher to release your device. ScarePackage tries to prevent normal use of the device by blocking the victim's actions. Using a Java TimerTask, which is set to run every 10 milliseconds, the application will kill any other running processes that the user interacts with that are not the malware itself or the phone's settings application. The malware also uses an Android WakeLock to prevent the device from going to sleep.
Should you manage to switch the device off a boot receiver class resumes ScarePakage's takeover when you turn it back on, shutting down all other processes. It doesn't need root in order to take over the phone, but it does need device administrator access.
Lookout's blog, which includes screen shots of the malware, says, "ScarePakage is likely created by Russian or other Eastern European authors given language cues used in the application that we observed". For now the malware seems to be targeting only users in the US.
Advice for avoiding infection includes, not awarding device administrator rights to applications unless you're sure of what they do, only downloading apps from known and trusted developers and using a security application to detect threats before they're opened.
Image Credit: wavebreakmedia / Shutterstock