Researchers for Zscaler ThreatLabZ discovered the new ransomware in a popular app called “OK,” a Russian entertainment social network app. The legitimate app available in the Google Play Store, with somewhere between 50 and 100 million installs, is perfectly clean and does not contain any malicious code. The dangerous version is the one found on third-party app stores.
The ransomware has a few extra features to make you feel safe. For example, after you’ve installed the app, the malware doesn’t act immediately, as such tools often do. Instead, it stays silent for four hours, allowing the phone to operate as it regularly does, and even the app itself works as it is supposed to.
Four hours later, the app prompts users to add a device administrator, allowing the app to change the screen unlock password, monitor screen-unlock attempts, lock the screen and set lock-screen password expiration. Of course, this sounds extremely suspicious, so users might very well tap “cancel.”
Even if this happens, the prompt reappears quickly, preventing the user from taking another action or uninstalling the app. If the user gives in and agrees to give the app admin powers, the ransom note appears on the screen. Attackers demand 500 rubles as payment, which is close to $9,000.
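The four abilities listed in the device administrator prompt correspond to policy tags in an Android app's device-admin XML resource. The following is an added example, not code from Zscaler or from the article: a triage check that flags a policy file requesting that set. It assumes the resource has already been decoded to text (for instance with apktool); the function names and both sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Android device-admin policy tags, mapped to the prompt wording quoted in the article.
ARTICLE_POLICIES = {
    "reset-password": "change the screen unlock password",
    "watch-login": "monitor screen-unlock attempts",
    "force-lock": "lock the screen",
    "expire-password": "set lock-screen password expiration",
}
# Held together, these two let an app lock the screen and replace the unlock password.
LOCKOUT_PAIR = {"reset-password", "force-lock"}

def requested_policies(policy_xml: str) -> set:
    """Return the policy tag names listed under <uses-policies>."""
    root = ET.fromstring(policy_xml)
    if root.tag != "device-admin":
        raise ValueError("not a device-admin policy file")
    block = root.find("uses-policies")
    return set() if block is None else {child.tag for child in block}

def triage(policy_xml: str) -> dict:
    """Summarise how closely a policy file matches the prompt described above."""
    found = requested_policies(policy_xml)
    matched = sorted(found & set(ARTICLE_POLICIES))
    return {
        "matched": matched,
        "prompt_lines": [ARTICLE_POLICIES[p] for p in matched],
        "lockout_capable": LOCKOUT_PAIR <= found,
        "matches_article_prompt": set(ARTICLE_POLICIES) <= found,
    }

# Constructed sample: requests all four policies from the article's prompt.
SAMPLE_SUSPECT = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
    <reset-password /><watch-login /><force-lock /><expire-password />
  </uses-policies>
</device-admin>"""

# Constructed sample: an app that only needs to turn the screen off.
SAMPLE_BENIGN = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies><force-lock /></uses-policies>
</device-admin>"""

if __name__ == "__main__":
    for name, xml_text in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, triage(xml_text))
```

A match is a reason to review the app, not proof of malice: legitimate device-management apps request the same policies.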
Researchers have concluded that this malware could end up injected into apps on the official Google Play Store quite easily. Mostly, that’s because antivirus programs can’t detect it due to the four-hour stealth tactic.
Submitted by: Arnfried Walbrecht