Ransomware Locks Your Android Phone Pin And Asks For Cash

Ransomware has become a gold rush for criminals: locking a victim out of an infected device is a straightforward way to extort money from today's always-connected gadgets. So it is no surprise that a new Android variant has surfaced, distributed as a free app through third-party app stores, which changes the device's lock-screen PIN and then demands $500 by way of a ransom note.

How this ransomware works

Let’s take a look at the details; it may take a while, so make yourself comfortable. Security firm ESET detects this threat as Android/Lockerpin.A. Without root privileges, or without a mobile device management solution already installed, users have no effective way of regaining access to their device apart from a factory reset, which deletes all user data as a consequence.

After installation, the malware tries to obtain Device Administrator privileges by tricking the user: it overlays the system's device-admin activation dialog with its own window, which pretends to be an “Update patch installation”. As the user taps through this innocuous-looking installer, the taps land on the hidden activation dialog underneath, and Device Administrator rights are granted to the Trojan without the user ever seeing the real prompt.

This is the critical moment: the instant you tap “Continue” in the fake installation window, the Trojan holds Device Administrator rights and silently locks the device by setting a new lock-screen PIN. Shortly afterwards the user is shown a demand for a $500 ransom, allegedly for viewing and storing forbidden pornographic material; a screenshot of this warning notice is shown below.

Once the warning screen has been displayed, the device is locked behind the standard Android lock screen. The new PIN is generated randomly and is never sent to the attacker, so even paying the ransom cannot get it back: nobody knows it. The only practical way to unlock the device is a factory reset.

Lockerpin’s self-defence mechanisms

Not only does this ransomware acquire Device Administrator privileges, it also stops the user from revoking them: any attempt to deactivate Device Admin for the malware fails, because the Trojan has registered a callback that immediately reactivates the privileges when removal is attempted.

There’s more: the locker also attempts to kill running anti-virus processes when the user tries to deactivate its Device Admin rights. It targets three mobile anti-virus applications, ESET, Avast and Dr.Web, as well as com.android.settings, the system Settings app, which blocks the normal uninstall route through the application manager.

ESET states that its own product's self-protection mechanisms prevent the malware from removing the ESET software.

Distribution of this malware

The ransomware poses as an app for viewing adult videos; in every case seen so far the application calls itself “Porn Droid”. Around 75% of infected devices so far are in the US, which suggests the malware authors are deliberately targeting US users in pursuit of bigger payouts.

Unlocking the device

The only way to unlock the device without a factory reset is if it is already rooted: the user can connect over ADB, switch to root with su and delete the file in which the lock-screen credential is stored. For this to work the device must also have USB debugging enabled (Settings -> Developer options -> USB Debugging); otherwise ADB cannot reach it at all. The commands, for the Android versions current at the time (later releases keep the credential in a different location, so check that the file exists first), are:

> adb shell
> su
> rm /data/system/password.key
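The three commands above, wrapped in the checks a practitioner would want before deleting anything. This is an added example written for this page, not ESET's tooling: it assumes adb is on PATH, that the phone is already rooted and has USB debugging enabled, and that the credential lives at /data/system/password.key as on the Android releases of the time; the /sdcard backup path and the function names are my own choices.

```python
"""Preflight checks around the ADB unlock procedure above.

Added example, not ESET's tooling or anything from the original article.
Assumptions: adb is on PATH; the phone is ALREADY rooted (su available) and
has USB debugging enabled; and it runs an Android release of that era, which
kept the lock-screen credential in /data/system/password.key (later releases
store it elsewhere, which is why the presence check below matters).
"""
import re
import subprocess
from typing import Optional

PIN_FILE = "/data/system/password.key"


def authorized_serial(devices_output: str) -> Optional[str]:
    """Serial of the single device in 'device' state in `adb devices` output,
    or None when there is none, more than one, or the only one is
    'unauthorized'/'offline' (USB debugging not enabled or not accepted)."""
    serials = []
    for line in devices_output.splitlines()[1:]:   # skip the banner line
        fields = line.split()
        if len(fields) == 2 and fields[1] == "device":
            serials.append(fields[0])
    return serials[0] if len(serials) == 1 else None


def has_root(id_output: str) -> bool:
    """True when `su -c id` reported uid 0, i.e. su really granted root
    instead of printing a denial or a 'not found' error."""
    return re.match(r"uid=0\(", id_output.strip()) is not None


def pin_file_present(ls_output: str) -> bool:
    """True when `ls PIN_FILE` echoed the path back. On old releases `adb
    shell` exits 0 whatever the device command did, so the exit status is
    useless; the output has to be inspected instead."""
    return ls_output.strip() == PIN_FILE


def adb_shell(serial: str, cmd: str) -> str:
    """Run one command string in the device shell and return its output."""
    return subprocess.run(["adb", "-s", serial, "shell", cmd],
                          capture_output=True, text=True, check=True).stdout


def unlock() -> str:
    """Run the three checks, keep a copy of the credential file on the host,
    then delete it. Returns the serial of the device that was unlocked."""
    devices = subprocess.run(["adb", "devices"], capture_output=True,
                             text=True, check=True).stdout
    serial = authorized_serial(devices)
    if serial is None:
        raise SystemExit("need exactly one device in 'device' state; "
                         "enable USB debugging and accept the RSA prompt")
    if not has_root(adb_shell(serial, "su -c id")):
        raise SystemExit("su did not give uid 0: the phone must already be rooted")
    if not pin_file_present(adb_shell(serial, f"su -c 'ls {PIN_FILE}'")):
        raise SystemExit(f"{PIN_FILE} not found: this Android release keeps "
                         "the credential elsewhere")
    # Copy first, pull the copy to the host, only then remove the original.
    adb_shell(serial, f"su -c 'cp {PIN_FILE} /sdcard/password.key.bak'")
    subprocess.run(["adb", "-s", serial, "pull", "/sdcard/password.key.bak"],
                   check=True)
    adb_shell(serial, f"su -c 'rm {PIN_FILE}'")
    return serial


if __name__ == "__main__":
    print("credential file removed on", unlock())
```

Each check reads the device's own output rather than trusting an exit code, because older adb versions return 0 from `adb shell` regardless of what ran on the phone; a script that trusted the status would happily report success on an unrooted device.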

The only crumb of comfort is that this malicious app is not available from the official Google Play Store. ESET recommends keeping mobile AV software up to date if you have it; if not, be careful what you download: stick to official sources and be wary of unknown or suspicious apps that sound too good to be true. Back up sensitive data and keep legitimate software updated; technology is becoming more advanced, and so are the attackers.

Thank you to ESET for providing us with this information.

Image courtesy of xperiaseries

Windows 10 Ransomware Discovered

Well, this didn’t take long! A new ransomware campaign has been discovered which, if the download is run, encrypts your files before demanding a fee to unlock them. The distributors impersonate Microsoft by “offering” users a free upgrade via email. The scam takes full advantage of the Windows 10 upgrade process, which has consumers wait in a virtual queue for their upgrade.

So how does it work?

The distribution works by emailing consumers an offer of a free Windows 10 upgrade; a sample is shown below. First, the “from” address (update<at>microsoft.com) is spoofed: the message is not from Microsoft at all but was sent from an IP address in Thailand. The attackers also use a colour scheme similar to Microsoft’s so that consumers associate the email with the genuine article.

The next red flag is the text itself, which does not render properly. This could be because the targeted audience uses a non-standard character set, or because of the character set the adversaries used to craft the email. Another sneaky technique is a “mail virus scanner” notice claiming the email is clean; it links to a legitimate open-source mail scanner, but the badge is only there to reassure the victim. A genuine scan verdict is added by the recipient's own mail gateway, never supplied by the sender inside the message.

What is the payload?

If the email is taken as genuine correspondence from Microsoft, the victim is asked to download a zip file containing an executable. Once it is run, the screen shown below appears. The payload is CTB-Locker, a ransomware variant that is currently being delivered to users at a high rate, via both spam messages and exploit kits; adversaries are dropping a huge number of different ransomware variants. Its functionality is similar to other ransomware of this kind, with a few extra features, including the use of elliptic-curve cryptography, which provides the same public/private-key model as other lockers but with a different algorithm and lower overheads (smaller keys for comparable strength).
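The red flags described above (a spoofed From, an injecting IP that has nothing to do with the claimed sender, an odd character set, a sender-supplied “virus free” badge, and a zip wrapping an executable) can be triaged mechanically. The following is an added example written for this page, not Cisco's or anyone else's tooling: the message it inspects is constructed inline to resemble the lure, using a documentation-range IP (203.0.113.45), example.com/example.net host names and a placeholder “Win10Installer” file name rather than the campaign's real indicators.

```python
"""Header and attachment triage for a lure like the one described above.

Added example, not from the original article. The message is constructed
inline to resemble the lure; 203.0.113.45 (a documentation range), the host
names and "Win10Installer.*" are placeholders, not campaign indicators.
"""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from typing import List, Optional, Tuple

EXECUTABLE_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif")
IPV4 = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")


def build_sample() -> bytes:
    """Constructed sample: spoofed Microsoft sender, a 'scanned, virus free'
    badge in the body, a Thai charset on the text part and a zip wrapping an
    .exe. The zip member is a placeholder, not a real binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Win10Installer.exe", b"MZ placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"] = "Microsoft <update@microsoft.com>"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Your free Windows 10 upgrade is ready"
    # Topmost Received line is the recipient's own MTA; the bottom one is the
    # hop that injected the message, which is the one worth looking at.
    msg["Received"] = "from mx.example.com (localhost [127.0.0.1]) by mail.example.com"
    msg["Received"] = "from unknown (HELO microsoft.com) ([203.0.113.45]) by mx.example.com"
    msg.set_content("Your upgrade is ready. Run the attached installer.\n"
                    "This message has been scanned and is virus free.",
                    charset="iso-8859-11")
    msg.add_alternative(
        "<p>Your upgrade is ready. Run the attached installer.</p>"
        '<p><a href="http://scanner.example.net/">Scanned by MailScanner, virus free</a></p>',
        subtype="html")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Win10Installer.zip")
    return msg.as_bytes()


def parse(raw: bytes) -> EmailMessage:
    return email.message_from_bytes(raw, policy=policy.default)


def from_domain(msg: EmailMessage) -> str:
    """Domain the visible From header claims, i.e. what the victim sees."""
    addrs = msg["From"].addresses if msg["From"] else ()
    return addrs[0].domain.lower() if addrs else ""


def origin_ip(msg: EmailMessage) -> Optional[str]:
    """Address in the bottom-most Received header: the hop that handed the
    message to the first MTA we trust."""
    hops = msg.get_all("Received") or []
    found = IPV4.findall(str(hops[-1])) if hops else []
    return found[0] if found else None


def foreign_charsets(msg: EmailMessage) -> List[Tuple[str, str]]:
    """Text parts declared in a charset other than ASCII/UTF-8; an odd
    charset is one reason the lure's text rendered badly."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            cs = (part.get_content_charset() or "us-ascii").lower()
            if cs not in ("us-ascii", "utf-8"):
                out.append((part.get_content_type(), cs))
    return out


def claims_prescanned(msg: EmailMessage) -> bool:
    """A 'scanned, virus free' badge placed by the sender. A real verdict is
    a header added by the recipient's gateway, never body text."""
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    return re.search(r"virus[\s-]*free|scanned by", text, re.I) is not None


def executable_zip_members(msg: EmailMessage) -> List[str]:
    """Executable members inside any zip attachment: the zip exists only to
    get an .exe past filters and past the user's eye."""
    names = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "application/zip":
            continue
        with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as z:
            names += [n for n in z.namelist() if n.lower().endswith(EXECUTABLE_EXT)]
    return names


def triage(raw: bytes) -> List[str]:
    msg = parse(raw)
    findings = []
    dom, ip = from_domain(msg), origin_ip(msg)
    if "Authentication-Results" not in msg:
        findings.append(f"From claims {dom} but the message was injected from {ip} "
                        "and no Authentication-Results header (SPF/DKIM) vouches for it")
    for ctype, cs in foreign_charsets(msg):
        findings.append(f"{ctype} part declared in charset {cs}")
    if claims_prescanned(msg):
        findings.append("body carries a sender-supplied 'scanned/virus free' badge")
    for name in executable_zip_members(msg):
        findings.append(f"zip attachment wraps an executable: {name}")
    return findings


if __name__ == "__main__":
    for line in triage(build_sample()):
        print("-", line)
```

Without DNS the script cannot check SPF or DKIM itself, so it only reports that nothing in the headers vouches for the sender; on a real gateway you would read the Authentication-Results header it adds instead of the sender's badge.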

Another feature of this locker is the use of hard-coded IP addresses on non-standard ports for its command-and-control communication. There is also a significant amount of data exchanged between systems, which is unusual for ransomware. Analysis of the network traffic revealed roughly 100 network streams to various IP addresses; the most common ports used were 9001, 443, 1443 and 666.
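About a hundred streams to many distinct addresses, on ports like 9001, 1443 and 666, is a pattern a flow log will surface. The script below is an added example, not Cisco's analysis tooling: it generates a constructed conn-log style dataset inline (documentation-range addresses, invented byte counts) and ranks hosts by distinct peers and non-standard ports. One caveat: 9001 is also the default Tor relay port, so a host with many peers on it is a lead to confirm on the machine itself, not a verdict.

```python
"""Flag hosts whose traffic looks like the pattern described above: many
streams to many distinct peers on non-standard ports, with more data moving
than a locker normally needs. Added example, not from the original article;
the flow records are constructed inline (documentation-range addresses)."""
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

# Ports the article lists as most common; 443 is ordinary HTTPS, the others are not.
ODD_PORTS = frozenset({9001, 1443, 666})


class Flow(NamedTuple):
    ts: int
    src: str
    sport: int
    dst: str
    dport: int
    bytes_out: int
    bytes_in: int


def build_sample() -> str:
    """Constructed conn-log style records, tab separated:
    ts src sport dst dport bytes_out bytes_in. One host fans out to 30 peers
    cycling through the observed ports; two hosts behave normally."""
    t0 = 1438700000
    lines = []
    for i in range(30):
        port = (9001, 443, 1443, 666)[i % 4]
        lines.append(f"{t0 + i}\t192.168.1.20\t{49152 + i}\t203.0.113.{i + 1}"
                     f"\t{port}\t{12000 + 100 * i}\t{3000 + i}")
    for i in range(5):   # a few HTTPS sessions to one server
        lines.append(f"{t0 + 100 + i}\t192.168.1.33\t{50000 + i}\t198.51.100.5"
                     f"\t443\t{900 + i}\t{4000 + i}")
    for i in range(3):   # plain HTTP fetches
        lines.append(f"{t0 + 200 + i}\t192.168.1.40\t{51000 + i}\t198.51.100.7"
                     f"\t80\t{300 + i}\t8000")
    return "\n".join(lines) + "\n"


def parse_flows(text: str) -> List[Flow]:
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, out, inn = line.split("\t")
        flows.append(Flow(int(ts), src, int(sport), dst, int(dport), int(out), int(inn)))
    return flows


def summarize(flows: List[Flow]) -> Dict[str, dict]:
    """Per source host: stream count, distinct peers, port histogram, bytes."""
    per_host: Dict[str, dict] = {}
    for f in flows:
        s = per_host.setdefault(f.src, {"streams": 0, "peers": set(), "ports": Counter(),
                                        "bytes_out": 0, "bytes_in": 0})
        s["streams"] += 1
        s["peers"].add(f.dst)
        s["ports"][f.dport] += 1
        s["bytes_out"] += f.bytes_out
        s["bytes_in"] += f.bytes_in
    return per_host


def flag_hosts(summary: Dict[str, dict], min_peers: int = 20) -> List[Tuple[str, str]]:
    """Hosts with at least min_peers distinct destinations AND at least one
    stream on a non-standard port, most data sent first. Many peers on 443
    alone is ordinary browsing and is deliberately not flagged."""
    flagged = []
    for host, s in summary.items():
        odd = sorted(p for p in s["ports"] if p in ODD_PORTS)
        if len(s["peers"]) >= min_peers and odd:
            flagged.append((host, f"{s['streams']} streams to {len(s['peers'])} peers, "
                                  f"{s['bytes_out']} bytes out, non-standard ports {odd}"))
    return sorted(flagged, key=lambda hr: -summary[hr[0]]["bytes_out"])


if __name__ == "__main__":
    for host, why in flag_hosts(summarize(parse_flows(build_sample()))):
        print(host, why)
```

The peer threshold is the knob to tune per network: a workstation that genuinely talks to twenty-odd distinct hosts on 9001 or 666 in a short window is rare enough to be worth a look, while the same fan-out on 443 alone is just a browser.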

So how do I protect myself from this threat?

Be very careful with emails of this nature: look at the details and, if unsure, research them; staying current and educated on these threats is a powerful defence. Always question a “free upgrade” that arrives in your inbox, and never open or install an executable (or any other file) without checking the authenticity of both the email and the file. If in doubt, don’t open it.

These scams are becoming more sophisticated, and their aim is to lock up your files. Always perform regular backups, kept offline or otherwise out of reach of the infected machine (the ransomware will encrypt any writable backup it can reach), and keep an up-to-date anti-virus scanner running as a matter of course.

Thank You to Cisco Blogs for providing us with this information

Image courtesy of digitallife

Guy Makes Device Which Can Open Combination Locks in a Matter of Seconds

Not really what you were looking to hear if you have a locker at work or school that relies on combination locks to keep people from snooping through your personal belongings, huh? Well, someone was bound to do something like this sooner or later and it’s not like combination locks were the best security option on the planet anyway.

This new high-tech approach follows the manual process used by experienced crackers but drastically shortens it with the help of computer algorithms. The device is made of a stepper motor, a servo motor, a 3D-printed harness and an Arduino to run the logic.

But now to the real question: how useful is the process? Well, not that useful. Experienced crackers can open these types of lock in a matter of seconds too (not as fast as a robot, but pretty fast nonetheless). That is why combination locks are meant to keep nosy people from snooping through your personal stuff, not to keep your family valuables safe.

Still, it can be useful if you have no experience, no desire to learn how to crack these things, and want to prank your friends. You can watch the video below to see how it is made and tested.

Thank you TechCrunch for providing us with this information

Image courtesy of Amazon

Kingston DataTraveler Locker+ G3 & HyperX 1TB Flash Drive On Show At Post-CES Event

Whilst we have seen a lot from Kingston at this year's Consumer Electronics Show, that is not to say they have shown us everything they have to offer. Part of the reason one or two things crop up just after CES comes down to development: if Kingston were to launch everything at the same time, there is a high chance that something would be missed, or not given as much exposure as a more revolutionary or performance-pushing product. This is why, only a few weeks after one of the year's biggest tech shows, Kingston are holding a smaller, more select event where they can focus their attention on a small group of products they want to give a push into the market; with fewer products on show, each gets more defined exposure instead of being lost in a stand or suite overview.

One of the few products on show, and the one this mini-event is mainly pushing, is the all-new DataTraveler Locker+ G3. Whilst we have seen a wide range of drives come to market under the DataTraveler name, and with the G3 tag, the Locker+ is a little more unique thanks to a feature not too many drives on the market have: encrypted storage.

When we think about data encryption and storage, people tend to think of the internet and systems that hold personal information about us, but at the consumer end of the market there is still demand for secure storage that ensures data cannot fall into the wrong hands. Flash drives are one of the pieces of consumer hardware we most commonly misplace or lose entirely, and if the drive holds valuable data, personal or business, the damage could be far greater than expected. That is the whole reason encrypted drives are coming onto the market.

To join this growing market of secure flash drives, Kingston are unveiling the new and improved DataTraveler Locker+ Generation 3. With capacities ranging from 8GB to 64GB and read and write speeds of up to 135MB/s and 40MB/s respectively, the third-generation drives offer larger capacities and faster speeds than the generation-two secure drives in the DataTraveler range. To support those speeds the new drive has a USB 3.0 connector, a sleek, rugged-feeling all-metal housing and a five-year warranty. Encryption is handled through an installation-free interface that runs directly from the drive, so wherever you go you have access to your data, and protection for it, when you need them most.

The Locker+ G3 is available now, with prices starting at around £10 for the 8GB model and ranging up to around £45 for the 64GB drive, so the drives are not only desirable but affordable as well. Watch eTeknix closely, as we will have a review of this drive coming up very soon.

Whilst the Locker+ G3 was the key product to see, there is one drive Kingston have been bragging about for a number of months now, one that has dropped the jaws of enthusiasts and pro-sumers around the world: the massive 1TB capacity packed into the HyperX Predator USB 3.0 flash drive. We are no strangers to this drive; in fact I was the first person to get hands on it for review, and I have to give it to Kingston: the mind-boggling capacity in such a small frame is one of last year's greatest innovations, and since its release Kingston have seen a strong response from the community, with a fair number of drives sold.

If you want to read more about the HyperX Predator 1TB, take a look at our full review where we have specs and performance benchmarks of this mega drive.

Images courtesy of eTeknix.com