What is Mobile Ransomware?
Mobile ransomware is ransomware that affects mobile phones. Just like PC ransomware, mobile ransomware demands monetary compensation in order to unlock your files. Mobile ransomware is growing in popularity as the number of mobile users steadily increases.
Mobile Ransomware Statistics
In 2018, Symantec detected over 18 million mobile malware instances. In the first quarter of the same year alone, Kaspersky detected over 8000 mobile banking ransomware installations. In this report, the major platform targeted was Android. This is expected, since the Android platform has the largest user base, making it an attractive platform for malicious attackers to carry out their nefarious activities.
The RSA Current State of Cybercrime report also notes that most mobile malware comes from native apps installed by the user and not from web browsers. In fact, in the study, the percentage of ransomware obtained via web browsers on mobile platforms was below 20 percent. This shows that apps are the major target for attackers. This may partly be due to the permission model that apps employ on mobile platforms, which gives attackers the possibility of gaining access to the underlying operating system and exfiltrating data from other installed apps such as Contacts and SMS apps.
Security of Mobile Platforms
Let’s take a look at the security models of the popular mobile platforms. Starting with Google Android, we have seen a steady rise in the number of users on this platform. In the second quarter of 2018, 88 percent of all smartphones sold to end users were phones with the Android operating system. Currently, Android boasts over 3 billion active devices in circulation. These statistics show that attackers will naturally target the Android platform more than the others. Android is also open-source, which makes it a bit easier for attackers to develop malware for the platform. Its app store, the Google Play Store, is known to have the largest number of apps for users to download. However, this is both a blessing and a curse, as malicious apps also find their way into the app store, despite the security mechanisms Google has put in place to vet apps before they are hosted. Android also allows third-party apps to be downloaded from outside the official store and installed on the phone. This significantly raises the risk of downloading malware or ransomware, since the level of trust associated with apps outside the official store is very low.
Apple iOS operates a “closed system”. In other words, the code base used to develop the platform is not available to the public. This restricts the number of “eyes” that can see important information necessary to develop ransomware. Also, the iOS app store is highly restrictive, limiting the number of apps available to users. With a smaller number of apps, it’s expected that there will generally be a higher level of trustworthiness for those apps that eventually make it to the official app store. Thirdly, unlike the Android platform, the Apple iOS platform restricts downloading of apps outside the official app store. This is “security out of the box” and exists to limit the attack vectors aiding ransomware survival.
Before we continue, it should be known that support for Windows 10 Mobile by Microsoft will officially end on the 10th of December, 2019. However, this platform has enjoyed a certain level of security over time, and this is worth mentioning. The Windows mobile platform operates a “closed system” like Apple, where its code base is not for public eyes. Also, apps cannot be downloaded outside the Windows store. Generally, there seems to be little information on malware regarding this platform, probably due to its restrictive model and lower market share.
How Mobile Ransomware Is Propagated
Mobile ransomware is propagated primarily via applications installed by the user, especially from third-party stores. There have been cases of ransomware from official stores too, such as AceDeceiver and Charger, which infected the Apple iOS and Android platforms respectively. However, these cases are much rarer compared to infection from third-party stores. Mobile ransomware can also be propagated via malicious web links and phishing. Most times, these malicious links still lead to the download of a malicious app.
New Trends in Mobile Malware
In 2018, a British USB security expert known as “MG” modified an Apple charger, replacing the internal components with custom hardware. This technique is commonly known as “juice-jacking” and has been around for quite some time. What makes it a recent trend is its prevalence since the introduction of USB Type-C charging ports on both phones and laptops. In the attack, a modified charger was plugged into a phone. Once the user clicked on “media transfer” instead of “charging only” mode, an exploit was executed against the mobile device, infecting and compromising the phone with malware. This attack can also be extended to PCs and laptops that feature a USB Type-C port. The laptop charger can easily be modified to execute exploit code over the USB channel by plugging into the USB-C power port of the laptop.
Securing Your Mobile Devices
In order to secure our mobile devices from ransomware attacks, we can:
- Stick to downloading apps only from official app stores (Google Play Store, Apple Store and Windows Store).
- Be wary of the permissions requested by applications. A racing game requesting permission to access your contacts and messages is suspicious.
- Perform regular application updates and device updates.
- Use endpoint security software to automate, to an extent, the protection of your device: it can perform regular scans of your device and monitor the behavior of applications.
- Be wary of using public phone or laptop chargers for your devices.
- If the charging device is suspect, select “charging only” mode and not “media transfer”. Any charger that requests “media transfer” is a highly suspicious charger.
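The permission check from the list above can be automated. The following is an added example, not part of the original article: it reads an Android manifest that has already been decoded to text XML and reports sensitive permissions that do not fit the app's category. The category baseline, the sample manifest and the package name com.example.racing are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Real Android permission names that expose personal data or shared files.
SENSITIVE = {
    P + "READ_CONTACTS": "reads the address book",
    P + "READ_SMS": "reads text messages",
    P + "SEND_SMS": "sends text messages",
    P + "SYSTEM_ALERT_WINDOW": "draws over other apps",
    P + "WRITE_EXTERNAL_STORAGE": "modifies shared files",
}

# Assumed baseline (not from the article): sensitive permissions a category plausibly needs.
EXPECTED_BY_CATEGORY = {
    "game": set(),
    "messaging": {P + "READ_CONTACTS", P + "READ_SMS", P + "SEND_SMS"},
    "file_manager": {P + "WRITE_EXTERNAL_STORAGE"},
}

# Constructed sample: text-form manifest of a hypothetical racing game.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.racing">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_SMS"/>
  <application android:label="Racing"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return every permission name declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, category):
    """List (permission, reason) pairs that are sensitive and unexpected for the category."""
    if category not in EXPECTED_BY_CATEGORY:
        raise ValueError(f"no baseline for category {category!r}")
    declared = requested_permissions(manifest_xml) & set(SENSITIVE)
    unexpected = declared - EXPECTED_BY_CATEGORY[category]
    return sorted((perm, SENSITIVE[perm]) for perm in unexpected)

if __name__ == "__main__":
    for perm, reason in audit(SAMPLE_MANIFEST, "game"):
        print(f"suspicious for a game: {perm} ({reason})")
```

The same manifest audited as a "messaging" app returns no findings, which is why the baseline per category matters more than the raw permission list.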
Mobile ransomware may not be as popular as the PC version. However, it will be bothersome if you have to perform a factory reset on your phone and lose your files. This is why regular backups can be beneficial in restoring lost files or files that have been encrypted by ransomware.