Mobile Ransomware Comes With Image of a Cat
Posted by: Timothy Weaver on 08/11/2016 10:47 AM
Cyber criminals are trying to be cute with their ransomware. McAfee Labs has recently come across a new ransomware that locks your screen and displays a picture of a cat.
McAfee mobile malware researcher Fernando Ruiz explains that although the malware looks cute, what it does is not cute in any way. It contacts its command-and-control servers and requests a series of commands.
Fernando Ruiz says: "Some interesting features of this ransomware include the ability to encrypt specific files, steal SMS messages while forwarding them to the attacker and avoiding the victim’s message visualization, lock access to the device and the encryption using an AES algorithm with a hardcoded password."
The ransomware is also capable of encrypting files on SD card memory, sending SMS messages to the victim, and locking the screen.
Ruiz thinks that this is a work in progress. He goes on to state: "This ransomware variant looks like a demo version used to commercialize malware kits for cybercriminals because the control server interface is not protected and includes in the code words such as { MyDificultPassw}. These kinds of threats are usually distributed by attackers who buy exploit kits on black markets and who want to attack a specific company or group of people. The attackers often use phishing campaigns, Trojanized apps, social media networks, or other social engineering techniques."
This piece of malware is probably ransomware-as-a-service.
Source: Graham Cluley