Faketoken Ransomware a File-Encrypting Misfit
If you're not already up to speed, Android ransomware has been a continuing problem lately. Faketoken has been one of the worst offenders of late, and Kaspersky Lab now reports that it has found a variant with file-encrypting abilities. Many protection apps for Android have been able to eliminate many strains of ransomware; however, this one takes the cake for going on the offensive.
The operators are deliberately changing tactics in the hope of luring people in with a login screen (it looks real, but is totally fake) for financial applications and websites, through which users may unwittingly hand their login credentials to the attackers. It does this for more than 2,000 financial applications.
How is the payload disguised? As fake games, fake Adobe Flash Player downloads, and more of the same tricks that have a long legacy on Microsoft Windows.
“We have managed to detect several thousand Faketoken installation packages capable of encrypting data, the earliest of which dates back to July 2016,” reads a blog post published by Kaspersky. “The Trojan receives the encryption key and the initialization vector from the C&C server. The encrypted files include both media files (pictures, music, videos) and documents. The Trojan changes the extension of the encrypted files to .cat,” continues the analysis.
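As an added example (not from Kaspersky's analysis or the original article), this triage script walks a copy of a device's storage for files with the `.cat` extension and flags those that have no recognisable media or document header and near-random content, which separates encrypted files from ones that are merely renamed. The entropy threshold, the magic-byte list and the function names are assumptions.

```python
import math
import os
from collections import Counter

# Leading bytes of common media/document formats (small, non-exhaustive set).
KNOWN_MAGIC = (b"\xff\xd8\xff", b"\x89PNG", b"GIF8", b"%PDF",
               b"PK\x03\x04", b"ID3", b"OggS")
SAMPLE_BYTES = 64 * 1024
ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte; tune on your data


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; values near 8.0 look like random data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total)
                for n in Counter(data).values())


def looks_encrypted(path: str) -> bool:
    """True when the file has no known header and high-entropy content."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    # Compressed media is also high-entropy, so rule it out by header first.
    if head.startswith(KNOWN_MAGIC) or head[4:8] == b"ftyp":  # ftyp: MP4/3GP
        return False
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def find_suspect_cat_files(root: str) -> list[str]:
    """Return sorted paths of .cat files under root that look encrypted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".cat"):
                full = os.path.join(dirpath, name)
                if looks_encrypted(full):
                    hits.append(full)
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for hit in find_suspect_cat_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Files of only a few hundred bytes cannot reach the threshold, so very small encrypted files will be missed by the entropy test alone.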
Researchers are befuddled that they did not discover it sooner, so that users could have been protected from such tactics. However, at least a few more strains of ransomware have recently gone undiscovered, and Kaspersky plans to investigate as deeply as possible and wants reports from users to ensure it can provide the best investigative measures. This kind of malware has become increasingly common, but only among the best black hats, as it is fairly difficult to ensure the files are encrypted, since files on Android devices are usually stored in the cloud.