When ESET researchers analysed the first file-encrypting Trojan to demand a ransom from Android users, its arrival had been anticipated. The malware, Android/Simplocker, available as a bogus app, seems at present to be a proof-of-concept, but it’s only a matter of time before it’s ready for mass release.
In ESET’s Threat Trends Report predictions for this year, ESET experts warned of an escalation in serious threats targeting Android phones and tablets – ESET detections of such malware increased more than 60% between 2012 and 2013, a trend predicted to continue in 2014.
Thankfully, most of these threats can be avoided by sensible use of your device. At ESET Ireland we encourage users to protect themselves against these threats using prevention and defensive measures. Adhering to security best practices, such as keeping away from untrustworthy apps and app sources, will reduce your risks.
Install ALL apps from Google Play or other known app stores unless you have a good reason not to
There are good reasons to install apps from outside Google’s Play Store (or other big-brand stores such as Amazon’s) – for instance, if your employer requires you to install a messaging app for work. Otherwise, don’t.
Third-party stores, particularly those offering big-name apps for free, are generally infested with malware, and downloading apps from them is a good way to get infected.
If you HAVE to install a file from an unknown source, ensure your device is set to automatically block such installations afterwards.
Don’t assume you’re safer on your Android than on your PC
Stay alert and don’t fall for common social engineering tricks. Links, downloads and attachments can be just as risky on Android as they can on PC.
If possible, don’t use any old ‘Droid
In an ideal world, you should use a new phone, running the latest version of Android – KitKat. Older versions are less secure – and your operator may not issue an upgrade for your handset, even if Google does. The biggest problem for consumers is the enormous number of old phones running Android that are still in use and for which the operators will not release a new version, which makes them more vulnerable.
Ensure you are running the latest update of Android available for your device
Updates from Google should be available OTA (over the air) – and on newer phones, you should be able to set your phone to auto-update (with a restriction to do so via Wi-Fi rather than cellular networks).
Do the basics – lock your phone
If you own one of the very latest handsets, such as Samsung’s or HTC’s flagships, you might have the luxury of locking your phone with up to three fingerprints using a built-in scanner – but if not, there’s no excuse for not locking it with either a PIN or, ideally, a password.
Don’t keep your valuables on your device
If you keep current backups of all your devices, then any ransomware or Filecoder trojan – be it on Android, Windows, or any operating system – is nothing more than a nuisance. Back up your phone when possible – either manually, by connecting to a PC, or by using your manufacturer’s auto-backup.
Inspect every app’s permissions before
When installing an Android app, you will see a list of “Permissions” – functions the app is allowed to access. Permissions such as “Full network access” or the ability to send and receive SMSs should make you think hard about installing the app!
Use a mobile security app
Android malware used to be dismissed as a myth – or largely an annoyance designed to run up bills via premium SMS messages. The discovery of PC-like malware such as Android/Simplocker shows just how fast malware is evolving for Google’s devices – and how like its PC cousins it’s becoming. A regular, automatic malware scan of your device is recommended.
Use Google’s own defenses to the full
Google offers a pretty decent selection of security features built in – including a location tracker, which can help find a lost device.
Never pay a ransomware author
While the implementation of the encryption in Android/Simplocker is clumsy compared to notorious PC malware such as Cryptolocker, it can still effectively destroy files. ESET Ireland advises that the one thing users must not do is pay up. Not only will that motivate other malware authors to continue these kinds of filthy operations, but there is also no guarantee that the crook will keep their part of the deal and actually decrypt locked files.
by Urban Schrott, ESET Ireland and
Rob Waugh, ESET