Avast is now detecting mobile ransomware, which we will refer to as “WannaLocker” from now on. The ransomware is targeting Chinese Android users. WannaLocker’s ransom message screen may look familiar to you and that’s because it looks just like the WannaCry ransomware screen, the ransomware that spread like wildfire around the world mid-May. Another interesting aspect is that WannaLocker encrypts files on the infected device’s external storage, something we haven’t seen since Simplocker in 2014.
We recently came across mobile malware that uses a sandbox, like the malware that posed as dual instance and took advantage of VirtualApp, to steal user’s Twitter credentials. We suspect that cybercriminals are once again using a sandbox to try to avoid antivirus detection.
I fell for it the first time I answered a call. A friendly female voice hesitated, then giggled the line, “Can you hear me?” After I answered, “Yes”, it took me a few seconds to realize I had been fooled. It wasn’t a silly girl with a bad connection calling me on behalf of Disney Vacations – I had just been targeted by a robocaller. By then it was too late.
Ever answered your mobile phone only to find silence? Or that a machine has called you? Or even that it’s a completely unexpected call from someone claiming to be from the Internal Revenue Service (IRS)?
After years of using hotspots, many of us who connect our PCs via Wi-Fi away from home have learned the difference between secured and unsecured networks – and are now smarter and safer when we get online at the café or airport. But our connection habits are changing. In 2016, average smartphone usage grew 38 percent, and more mobile phone traffic – nearly 60 percent – was handled by Wi-Fi hotspots than by cellular networks, putting our phones at risk, too. Add the proliferation of Internet of Things (IoT) devices, and today’s Wi-Fi threats can outpace even the tech-savviest among us. Because we have greater mobility and connectivity, hackers are motivated to take advantage of our need for both.
Mobile threats are on a rise, becoming more sophisticated and difficult to detect. We expect that in 2018 it will reach the same magnitude as PC malware.
Ghost Push is a malware family that exploits vulnerabilities to gain root access to Android devices to then download and review other apps in the background. Using social engineering, users are tricked into downloading Ghost Push from third party app stores or via links sent in text messages. Once installed, Ghost Push tries to gain root access. As the name suggests, Ghost Push acts in a ghostly fashion once it has root access, meaning infected users don’t notice anything – everything happens in the background. Recently, a new variant of the Ghost Push malware, Gooligan, was detected spreading in the wild. The Gooligan variant steals email addresses and authentication tokens stored on the infected devices, gaining access to users’ Google account data, including Gmail and Google Play. More than one million users’ Google Play accounts were affected.
We are excited to announce the winners of Avast’s #LoveYourInternet giveaway. Eilish K. from London, England and Ryan B. from Maryland, USA, won a new Google Pixel phone for sharing why they love the Internet.