No anti-virus software can detect this extremely dangerous new Ransomware on Android

A new type of Android ransomware has just been reported by a researcher on the Zscaler blog. What makes this ransomware so frightening is that no anti-virus software can detect it.

This new ransomware was discovered inside a very popular Russian social networking application called OK. The app is completely legal and available in the Google Play Store, with about 100 million downloads. According to the same review, the application does not contain any strange code.

What happens when a device is infected with this ransomware?

Unlike other ransomware, this type is very dangerous and hard to detect. After the malicious application is installed, it does not act immediately as most other malware does. Instead, it hides in the system and takes no action for 4 hours. During that time the phone and even the application itself work normally, so the victim suspects nothing.

Four hours later, the application asks the user to grant it device administrator rights. This permission allows the application to change the lock screen password, lock the screen, access the lock screen and set a new password. An attentive user will find this extremely suspicious and quickly press Cancel.

But even if you click Cancel, the application's request panel quickly reappears and prevents the user from taking any other action. If the user gets frustrated and agrees to grant the application device administrator rights, a ransom notification appears on the screen. The attackers demand a payment of 500,000 rubles (about 20 million equivalent).

The researchers said: "We have done some more tests to determine whether this malware actually sent user data to a server. However, we did not see any leaked personal data and also found out that this Ransomware cannot unlock the user's ".

Regardless of whether the user has transferred the requested ransom to the attacker's e-wallet, the ransomware will not stop working. As soon as the phone screen is locked, the malware notifies the Command & Control (C&C) server about the new victim. Interestingly, the malware contains no function to confirm whether the user has paid the ransom.

How to get rid of this Ransomware type

Although no antivirus software has detected and eliminated this type of ransomware, there is a way for users to get rid of it. If your device is infected, do the following:

  1. Switch the device to Safe Mode.
  2. Disconnect all third-party applications on the device.
  3. Remove the application and return the device to normal mode.

To prevent this from happening in the future, go to Security Settings / Device Administration and uncheck the Unknown Sources box.
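
As an added illustration (not from the original article or from Zscaler), the following Python example audits which apps hold device administrator rights and flags third-party ones that were not installed from a trusted store. The sample text is constructed; its layout is an assumption modelled on `adb shell dumpsys device_policy` and `adb shell pm list packages -3 -i` and varies between Android versions, and the package names and TRUSTED_INSTALLERS set are hypothetical.

```python
import re

# Constructed sample output (not captured from a real device). The layout is an
# assumption modelled on `adb shell dumpsys device_policy` and
# `adb shell pm list packages -3 -i`; it differs between Android versions.
SAMPLE_POLICY = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10012
    com.example.fakesocial/.AdminReceiver:
      uid=10187
"""
SAMPLE_PACKAGES = """\
package:com.example.fakesocial  installer=null
package:com.example.notes  installer=com.android.vending
"""
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; hypothetical allow-list

def device_admin_packages(policy_dump):
    """Return package names listed under 'Enabled Device Admins'."""
    admins, in_section = [], False
    for line in policy_dump.splitlines():
        indent = len(line) - len(line.lstrip())
        if "Enabled Device Admins" in line:
            in_section = True
        elif in_section and line.strip() and indent <= 2:
            in_section = False  # a new top-level section started
        elif in_section:
            m = re.match(r"\s+([\w.]+)/[\w.$]+:\s*$", line)  # package/receiver:
            if m:
                admins.append(m.group(1))
    return admins

def third_party_installers(pm_output):
    """Map third-party package -> installer (None when no store installed it)."""
    pairs = re.findall(r"^package:(\S+)\s+installer=(\S+)$", pm_output, re.M)
    return {pkg: (None if inst == "null" else inst) for pkg, inst in pairs}

def suspicious_admins(policy_dump, pm_output):
    """Third-party device admins that did not come from a trusted store."""
    installers = third_party_installers(pm_output)
    return [p for p in device_admin_packages(policy_dump)
            if p in installers and installers[p] not in TRUSTED_INSTALLERS]

if __name__ == "__main__":
    for pkg in suspicious_admins(SAMPLE_POLICY, SAMPLE_PACKAGES):
        print("review and remove in Safe Mode:", pkg)
```

System apps do not appear in the `-3` listing, so a preinstalled device admin is not flagged; only sideloaded third-party admins are reported.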

Epilogue

It is not uncommon for smartphone users to be infected with Ransomware, since many organizations and individuals are currently focusing on developing illegal Ransomware software to extort and steal user information. So be careful when downloading applications of unknown origin on the Internet.
