Security researchers have discovered a crude malware Trojan targeting Android smartphone users that uses the same ‘police ransom’ tactics that scammed large numbers of PC users three years ago.
Using a traffic direction system (TDS), the latest campaign directs users to different types of police ransom malware depending on the platform and browser encountered.
According to blogger Kafeine, PC browser users are served either Reveton or Browlock, both new variants of an old police Trojan campaign that up-to-date antivirus suites should detect quite easily. These demand payment after displaying what appear to be threats from a police force, chosen to match the victim's country of origin.
But for the first time the criminals have decided to try their luck on Android users, redirecting Android browsers to a site that installs an APK under the cover story of being the BSplayer video app. Installation, including allowing apps from third-party sources and activating device administrator mode, relies on social engineering to get the user through each step, at which point a reboot brings up the same police ransom screen as the PC versions.
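The platform-dependent redirection described above leaves a recognisable trail in web proxy logs: an Android user agent hits a redirector, is bounced with a 3xx, and then fetches an APK from a host that is not an app store. The following is an added example, not code from the original article or from Kafeine, that hunts for that pattern over a few constructed log lines. The log format, the hostnames and the allowlist of store hosts are all assumptions made for the illustration, not real indicators from the campaign.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample proxy log (assumed format: client_ip "user_agent" method url status).
# None of these hosts are real indicators; they only model the redirect-then-APK pattern.
SAMPLE_LOG = """\
10.0.0.5 "Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0" GET http://tds.example/in.php?id=1 302
10.0.0.5 "Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0" GET http://landing.example/index.html 200
10.0.0.7 "Mozilla/5.0 (Linux; Android 4.1.2; GT-I9300 Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30" GET http://tds.example/in.php?id=1 302
10.0.0.7 "Mozilla/5.0 (Linux; Android 4.1.2; GT-I9300 Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30" GET http://video-player.example/BSplayer.apk 200
10.0.0.9 "Mozilla/5.0 (Linux; Android 4.4; Nexus 5 Build/KRT16M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0 Mobile Safari/537.36" GET https://play.google.com/store/apps/details?id=com.example.app 200
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) "(?P<ua>[^"]*)" (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$')

# Hosts from which an APK download is considered expected (assumed allowlist).
STORE_HOSTS = frozenset({"play.google.com"})


@dataclass
class Hit:
    ip: str
    host: str
    url: str
    preceded_by_redirect: bool  # True if this client's previous request got a 3xx


def platform_from_ua(ua: str) -> str:
    """Coarse platform classification, the same signal a TDS keys on."""
    if "Android" in ua:
        return "android"
    if "Windows" in ua:
        return "windows"
    return "other"


def parse_log(text: str) -> list:
    """Parse the assumed log format; silently skip lines that do not match."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def find_apk_drops(text: str, allowed_hosts=STORE_HOSTS) -> list:
    """Flag Android clients fetching an .apk from outside the allowlist.

    Also records whether the fetch immediately followed a redirect from
    the same client, which is what a TDS bounce looks like in the log.
    """
    last_status = {}
    hits = []
    for e in parse_log(text):
        parsed = urlparse(e["url"])
        host = parsed.hostname or ""
        is_android = platform_from_ua(e["ua"]) == "android"
        is_apk = parsed.path.lower().endswith(".apk")
        if is_android and is_apk and host not in allowed_hosts:
            redirected = last_status.get(e["ip"], "").startswith("3")
            hits.append(Hit(e["ip"], host, e["url"], redirected))
        last_status[e["ip"]] = e["status"]
    return hits


if __name__ == "__main__":
    for hit in find_apk_drops(SAMPLE_LOG):
        print(f"{hit.ip} fetched {hit.url} (after redirect: {hit.preceded_by_redirect})")
```

Two caveats for anyone adapting this: the user agent is exactly the field the TDS itself trusts, so it is trivially spoofable in either direction, and the Play Store does not serve packages as plain `.apk` URLs, so the allowlist here is only a stand-in for whatever store or MDM hosts a given environment legitimately downloads from. The Windows client in the sample is deliberately left alone; the Reveton and Browlock payloads served to PC browsers are a separate detection problem.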
Anyone not fooled by the demand is presumably expected to pay the rather steep $300 (£200) ransom anyway, simply to rid themselves of a particularly persistent piece of Android malware.
“The locker is kind of effective. You can go on your homescreen but nothing else seems to work. Launching Browser, calling Apps, or ‘list of active task’ will bring the Locker back,” Kafeine said.
Other researchers have identified the malware under the name 'Koler', and its appearance suggests that the police ransom form will turn up more regularly on Android in future.
Although it is low-tech by the standards of more recent forms of ransom scam such as Cryptolocker, the police ransom form retains the attraction of disarming simplicity. Where Cryptolocker uses strong encryption to scramble files that can’t be recovered without a key, police ransom attacks rely on the basic psychology of fear, or on simple nuisance value, to persuade victims to pay up.
It’s a strange campaign. Few users have enough data on their phones to justify paying the hefty sum asked for, and getting rid of it isn’t as hard as with other types of malware. Indeed, the whole idea of police ransom malware sounds dated and doomed to failure; the reason criminals started using full encryption in ransom malware was the growing ineffectiveness of these Trojans at fooling or intimidating victims. But it never hurts to try.