Malicious codes that hijack information are ca ...

Malicious codes that hijack information are ca …

July 9, 2014

The ESET Latin America Research Laboratory publishes the ranking of the most prominent threats for April, May and June 2014, highlighting the appearance of various cases of ransomware. As anticipated in the Trends Report 2014, this attack methodology is consolidating in Latin America and the last cases had the particularity of being directed at users of mobile devices.

These malicious codes demand a ransom in exchange for the information they erase or encrypt, using increasingly complex encryption algorithms that make it impossible or difficult to recover the files. Among the main cases that occurred in recent months, the following stand out:

  • Simplocker. During June, ESET analyzed a Trojan called Android / Simplocker that scans the SD card of an Android device for certain types of files, encrypts them, and demands a ransom payment to decrypt them. It is the first malware in the Filecoder family for the Google operating system, and it is enabled in Tor.
  • The Police Virus, now for Android. In one of the latest variants, it can be seen how access to one of the malicious websites with an Android device is redirected to a website with pornographic content that will try to download an .apk file (Android application) on the system. Contrary to what happens with the versions of this ransomware For Windows systems, here it is necessary for the user to accept the installation of the application (and its permissions) so that this malware can be activated on the device.
  • Remotely locked iPhone computers. Users of Apple devices such as iPhone, iPod and iPad, who use iOS have been victims of the hijacking of their equipment and a request for a ransom in dollars. Although in this case the attacker obtained the credentials of the iCloud service and used the functionality of locating the device for malicious purposes, we classified it as a hijack but we clarified in advance that it is not a ransomware. The attack compromises users’ Apple IDs and then uses the Find My iPhone function to remotely lock the device. What happens in this case is that the Find My iPhone functionality is used for malicious purposes, which allows locating any Apple device associated with the iCloud account. Then, once inside the iCloud panel, the attacker can configure the message that will reach whoever has the device so that it is blocked and disabled.

“This shows us how the ransomware has begun to consolidate in the region and how cybercriminals take advantage of this type of attack to obtain economic profit. Our statistical systems show that detections of this threat have grown in the last two years. The most common means of propagation are through malicious sites (drive-by-download attacks), using other Trojans (Downloader or Backdoor) or manual installation of the attacker infiltrating the Remote Desktop Protocol (more common for corporate environments). We therefore remember the importance of backup and of using a security solution to mitigate all types of information hijacking ”, said Raphael Labaca Castro, Coordinator of Awareness & Research at ESET Latin America.

Basic security measures to prevent and combat threats from ransomware focus on having a backup or backup updated information and install a security solution that is capable of detecting and eliminating this type of malware.

[+] Videos de nuestro canal de YouTube