Ransomware and Scareware: All You Need to Know About Android Malware Families
All ransomware families capture confidential information from mobile phones and communicate with hardware settings to determine which Android operating system version is installed on a smartphone.

By Apac CIOOutlook | Tuesday, May 04, 2021
Fremont, CA: Ransomware is malicious software that individuals use to encrypt documents on computers or digital devices.
Perpetrators demand a ransom from the owner of a device in exchange for access to the victim's documents; once inside, criminals install ransomware on the victim's cell phone or machine. When the document's owner clicks on a malicious link in an email, text message, or website, the document is immediately locked (otherwise known as a crypto locker).
Scareware, on the other hand, is malicious software that criminals persuade users to buy or update. Bad actors trick victims into thinking that their computer will be damaged if they do not download or purchase the malicious software. Scareware is often spread via pop-up ads and uses social engineering techniques to trick users into downloading fake anti-virus apps.
Let us look at the malicious behavior of ransomware and scareware families:
Sending text messages, enabling GPS, browsing the Internet, and clicking on infected pop-up ads are all common ransomware behaviors. Additionally, ransomware families can lock the smartphone with a four-digit PIN and save photographs, documents, and videos in both the compromised device's external and internal storage. In the worst-case scenario, they will disable the victim's SIM card.
All ransomware families capture confidential information from mobile phones and communicate with hardware settings to determine which Android operating system version is installed on a smartphone. Except for Fusob and Jisut, all of them use the Internet to download malicious files onto compromised computers. Congur and the SmsSpy family also interact through a command-and-control server.
When it comes to scareware families, Avpass is the only one that communicates with anti-virus software installed on a computer. Both scareware families use the Internet to view pop-up ads and download bogus apps to victims' phones. The Mobwin and FakeApp families gather sensitive computer data and communicate with hardware settings. FakeApp also connects with remote command and control servers.
Some behaviors are shared by the ransomware and scareware families: LockerPin (a ransomware family) is very similar to FakeTaoBao (a scareware family). PornDroid (a ransomware family) and FakeApp (a scareware family) are also similar.