MalLocker.B

New Malware Affecting Android Users.

Malware has existed for as long as computer systems have. Any computer system can be a target of a malware attack, and the common intention of any malware is to cause damage to computer systems. Before the era of smart devices, malware was mainly designed to attack servers, personal computers, and similar machines. With the rapid increase in smart devices, however, the malware attack surface grew quickly. Smart devices became a comparatively easy target for threat actors because of the extensive user base, users' limited knowledge of their devices, and users installing applications without checking their background, among many other reasons. These factors let attackers spread malware to smart devices quickly and easily.

Ransomware is one type of malware that currently causes huge losses for both business and personal computer systems. It holds the computer system captive until the victim pays a ransom to release the machine. In almost all cases the ransom must be paid in electronic money, which helps threat actors stay undetected by law enforcement. Most ransomware spreads from one machine to another without being specifically guided by the threat actor, much as a computer worm does. It can reach your computer through network security loopholes or, as in most cases, when you download untrusted content from the web. When the ransomware activates, it locks the computer and prevents users from accessing their content while displaying a ransom note. The malware does not stop there: it encrypts your data using a key that can only be obtained from the threat actor by paying the ransom. For further reading on ransomware, have a look at this article.

Leaving ransomware in general aside, let us move to MalLocker.B, a new member of the ransomware family that affects the Android operating system. It was identified very recently by a team of security engineers at Microsoft, specifically the Microsoft Defender for Endpoint team. The team has classified it as advanced, well-engineered malware that is able to bypass many layers of protection implemented by Android OS. What makes this malware significant is its ability to display a ransom note on top of any other UI element, blocking users even from reaching their home screen. This was an issue in the past as well, but Android OS developers implemented platform-level changes that closed the permission-related gap. In those earlier cases, ransomware abused the "SYSTEM_ALERT_WINDOW" permission, which is intended for displaying critical system alerts, to display the ransom note.

The new malware uses a different approach to block users from accessing their devices: it combines a "call" notification with the onUserLeaveHint() callback method. The call notification category is special because it requires immediate user attention. The onUserLeaveHint() callback executes when the user tries to send the application to the background. The malware builds a notification with the call notification category, and when the user taps the notification the ransom note appears full screen. It does not stop there: the malware modifies the onUserLeaveHint() callback to display the ransom note again whenever the user tries to send the application to the background. This creates a loop in which the user cannot stop the ransom note from appearing. Until now, there is no solution for this ransomware. Therefore, be really careful when you add untrusted or pirated content from the internet.
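As an added illustration (not code from the original post or from Microsoft's analysis), the following Python triage script checks decompiled Java sources for the combination described above: a notification in the call category together with an onUserLeaveHint() override that starts an activity. The regexes, verdict names, file names and sample sources are assumptions constructed for this example; an app showing only one of the two signals, such as a legitimate dialer, is not flagged.

```python
import re

# Heuristic patterns for the two behaviours described above (this example's own regexes).
CALL_CATEGORY = re.compile(r'setCategory\s*\(\s*(?:"call"|[\w.]*CATEGORY_CALL)\s*\)')
LEAVE_HINT = re.compile(r'\bvoid\s+onUserLeaveHint\s*\(\s*\)\s*\{')
RELAUNCH = re.compile(r'\bstartActivity\s*\(')

def method_body(source, open_brace):
    """Return the text between the '{' at open_brace and its matching '}'."""
    depth = 0
    for i in range(open_brace, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[open_brace + 1:i]
    return source[open_brace + 1:]  # unbalanced decompiler output: take the rest

def triage(files):
    """files maps path -> decompiled Java source. Returns (verdict, findings)."""
    findings = {"call_category": [], "leave_hint_relaunch": []}
    for path, src in files.items():
        if CALL_CATEGORY.search(src):
            findings["call_category"].append(path)
        # Only count onUserLeaveHint() overrides whose body starts an activity.
        if any(RELAUNCH.search(method_body(src, m.end() - 1))
               for m in LEAVE_HINT.finditer(src)):
            findings["leave_hint_relaunch"].append(path)
    # Each signal alone is common in legitimate apps; flag only the combination.
    verdict = "flag" if all(findings.values()) else "pass"
    return verdict, findings

# Constructed sample sources (not taken from any real application).
LOCKER_LIKE = {
    "Notifier.java": 'builder.setCategory("call");',
    "LockerActivity.java": """
        protected void onUserLeaveHint() {
            super.onUserLeaveHint();
            startActivity(new Intent(this, LockerActivity.class));
        }""",
}
DIALER_LIKE = {
    "CallNotifier.java": "builder.setCategory(NotificationCompat.CATEGORY_CALL);",
    "CallActivity.java": "protected void onUserLeaveHint() { enterPictureInPictureMode(); }",
}

if __name__ == "__main__":
    for name, app in (("locker-like", LOCKER_LIKE), ("dialer-like", DIALER_LIKE)):
        print(name, *triage(app))
```

A "flag" verdict is a prompt for manual review of the listed files, not a detection of MalLocker.B itself.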

MalLocker.B Ransom Note



Comments

  1. With the increasing rate of cyberattacks, specifically targeting vulnerabilities in mobile devices, it is always good to make yourself aware of new malware so that you can be more protected in the modern digital world.

  2. Nicely written, Osura. Can you explain how to identify MalLocker.B if it comes to my phone? How to recover it?

    1. Good questions. There could be two scenarios: in scenario one, your phone is already equipped with a malware protection application, and in scenario two, your phone does not have any protective measure against malware. Whichever scenario applies to you, there is very little chance to defend against MalLocker.B, because this malware was identified very recently and recent reports have not mentioned a possible solution to tackle it.
