Ransomware now hitches a ride with mobile banking trojans


Coming soon to a mobile banking app near you

Researchers from Kaspersky Lab have discovered that at least 2 Android trojans that steal financial information and login credentials now, just in time for the holidays, double as file-encrypting ransomware programs.

Faketoken is one of these programs. Its primary function was to generate fake login screens for more than 2,000 financial applications in order to steal login credentials, with the added bonus of being able to display phishing pages to steal credit card information and to read and send text messages. It has now added a new and improved bonus feature.

Back in July, the creators of Faketoken added the ability to encrypt user files stored on the phone’s SD card, and they have since released thousands of builds with the very same functionality.

According to researchers at Kaspersky Lab, “Once the relevant command is received, the Trojan compiles a list of files located on the device corresponding to the given list of 89 extensions and encrypts them.”

Faketoken is disguised to look like many popular apps and games. Once installed, it repeatedly prompts the user to grant the permissions it needs, which most people eventually give at one point or another.

Another mobile banking trojan, Tordow 2.0, has the ability to make phone calls, control SMS messages, download and install programs, steal login credentials, access contacts, encrypt files, visit web pages, manipulate banking data, remove security software, reboot devices, rename files, and act as ransomware.

Tordow 2.0, which is available through third-party app stores, again disguised as a popular app, contains a pack of exploits that it utilizes in order to gain root privileges on the infected devices.

So far Faketoken has managed to infect devices in 27 countries, with most of those devices located in Germany, Ukraine, Thailand, and Russia.

It is only a matter of time before the rest of the world starts to see these types of mobile banking trojans that are complete with ransomware.

File-encrypting ransomware has never really been popular on mobile devices until now, because generally everything on a mobile device is backed up to a cloud.

With hackers becoming more and more daring, creative and clever, you can be sure to find these types of mobile banking ransomware trojans heading to an app near you sometime in the near future.

Banks are going to need to do more in terms of informing customers of when and why mobile apps are updated, but more importantly, mobile apps on the app stores need to be checked and managed a lot better than they are today.

Users are the ultimate enabler regardless of banks and the app stores.

I cannot tell you how many times users at my current job and my past jobs have brought me a laptop, MacBook, Android phone, iPhone, iPad or tablet that has some type of app installed that is causing them a headache.

10 times out of 10, when I ask the user if they checked the apps that they had installed before installing them, the answer is always no, after I am given the glazed-over, blank, deer-in-headlights look.

Users ultimately need to start to check apps prior to installing them.

It is only a matter of time before these types of mobile ransomware trojans become more and more popular as users ditch desktops and opt for more mobile-friendly ways to function through everyday life.

Cristal M Clark

iOS users can find The Crime Shop on Apple News

@thecrimeshop on Twitter

And https://gab.ai/thecrimeshop