The New York Times is reporting that the number of Android smartphones infected with a ransomware virus has grown to nearly one million devices in the past 30 days. Though the concept of ransomware is not new to the technology world, only minor outbreaks of this particularly nasty malware have been seen on mobile devices, and have either been quickly defeated or bypassed. Not so with this latest set of extortionware: most prolific is a trojan called ScarePackage, which, as the name suggests, locks your phone with a warning that the device has been used to commit a crime (child porn and media piracy are two of the most common tactics), and can only be unlocked by paying a fine to “law enforcement”.
What this means for you:
Up until now, the most common way Android devices were infected with malware like the above was through “sideloading” apps from questionable sources other than Google’s own “Play” store. Unfortunately, hackers seem to have perfected mobile browser drive-by infections so that they don’t even need to rely on someone bypassing the normal controls all Android phones ship with by default. It’s unclear whether Android antimalware apps (I use WebRoot’s SecureAnywhere) can protect you from drive-by infections reliably, but it does provide a layer of protection when installing apps and it will block suspicious text messages; both are a common source of malware infections. On top of installing malware protection on your mobile device, you should always be very careful surfing unknown or questionable websites, avoid installing brand-new, never-reviewed apps (sometimes trojans slip through Google’s malware screening), and always scrutinize the permissions that installed apps are requesting, especially the ones that ask for full administrative permissions or unfettered access to make mobile calls and send text messages.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net