WiredWX Hobby Weather Tools

 


Faketoken Ransomware a File-Encrypting Misfit

If you're not already up to speed, Android ransomware has been a continuing problem lately. Well, Faketoken has been one of the worst ones as of late, and now Kaspersky Lab is reporting that it has found a variant with file-encrypting abilities. We have seen many protection apps for Android that have been able to eliminate many strains of ransomware; however, this one takes the cake at battling in offensive security.

They are purposely reversing their tactics in hopes of luring people in by offering a login screen (it looks real, but is totally fake) for financial applications and websites, through which the user might accidentally give away their login credentials to the ransomers. It does this for more than 2,000 financial applications.

What is the artistry of their payload? Fake games, fake Adobe Flash Player downloads, and more of the same tricky tactics that have a long legacy on the Microsoft Windows OSes.

“We have managed to detect several thousand Faketoken installation packages capable of encrypting data, the earliest of which dates back to July 2016,” reads a blog post published by Kaspersky. “The Trojan receives the encryption key and the initialization vector from the C&C server. The encrypted files include both media files (pictures, music, videos) and documents. The Trojan changes the extension of the encrypted files to .cat,” continues the analysis.

Researchers are befuddled that they had not discovered it sooner so that users could be protected from such tactics. However, there are at least a few more strains of ransomware that have gone undiscovered as of recent, and Kaspersky plans on investigating as deeply as possible and wants reports from users to ensure it can provide the best investigative measures.

This kind of malware has become increasingly common, but only among the best black hats, as it is fairly difficult to ensure the files are encrypted, since files are usually stored in the cloud on Android devices.
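The Kaspersky excerpt above gives an incident responder one concrete artifact to look for: media and documents that have been rewritten with a .cat extension. The script below is an added example for this thread, not code from the post or from Kaspersky. It walks a dumped Android storage tree, flags every .cat file, and uses byte entropy to separate files that really contain ciphertext from files that were merely renamed. The entropy threshold, the assumption that .cat is appended to the original file name, and the sample "victim" tree it builds are all constructed for the demonstration.

```python
"""Triage check for Faketoken-style file encryption on a dumped storage tree.

Added example; not the forum post's or Kaspersky's code. It relies only on
what the post states (encrypted files get a .cat extension) plus the
labelled assumptions below.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter
from typing import Dict, List

CAT_EXT = ".cat"           # extension the post says the Trojan applies
ENTROPY_THRESHOLD = 7.0    # assumed cut-off in bits/byte: ciphertext ~8.0, text ~4-5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means uniformly random bytes."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def triage(root: str, sample_size: int = 4096) -> List[Dict]:
    """Walk `root`; report every .cat file with its entropy and a verdict."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(CAT_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(sample_size)     # head is enough to judge entropy
            ent = shannon_entropy(head)
            findings.append({
                "path": path,
                "entropy": round(ent, 2),
                "likely_encrypted": ent >= ENTROPY_THRESHOLD,
                # assumption: the Trojan appends .cat, so stripping it recovers the name
                "original_name": name[: -len(CAT_EXT)],
            })
    return findings


def _pseudo_random(n: int, seed: bytes = b"faketoken-demo") -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 chain); constructed data."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_tree(root: str) -> None:
    """Construct a tiny fake victim storage tree for the demo (not real data)."""
    os.makedirs(os.path.join(root, "DCIM"), exist_ok=True)
    os.makedirs(os.path.join(root, "Documents"), exist_ok=True)
    with open(os.path.join(root, "DCIM", "IMG_0001.jpg.cat"), "wb") as fh:
        fh.write(_pseudo_random(8192))           # "encrypted" photo
    with open(os.path.join(root, "Documents", "notes.txt.cat"), "wb") as fh:
        fh.write(_pseudo_random(2048))           # "encrypted" document
    with open(os.path.join(root, "Documents", "readme.txt"), "wb") as fh:
        fh.write(b"plain text, untouched\n" * 100)  # not renamed, must be ignored
    with open(os.path.join(root, "Documents", "decoy.txt.cat"), "wb") as fh:
        fh.write(b"lorem ipsum dolor sit amet " * 200)  # renamed but still plaintext


def demo() -> Dict[str, Dict]:
    """Build the sample tree in a temp dir and return findings keyed by file name."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return {os.path.basename(f["path"]): f for f in triage(tmp)}


if __name__ == "__main__":
    for name, finding in demo().items():
        print(name, finding["entropy"], "encrypted" if finding["likely_encrypted"] else "plaintext")
```

The decoy file is the edge case worth keeping: a scanner that keys on the extension alone would count it as a loss, while the entropy check shows it is still readable and can simply be renamed back.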

Re: Faketoken Ransomware a File-Encrypting Misfit
I suggest regular backups of personal files and not rooting Android devices, as it's a sure way to get a malware infection.

Re: Faketoken Ransomware a File-Encrypting Misfit
I've seen many argue that not rooting an Android device is the best way for security; however, I have seen the opposite suggested: on a rooted Android device, any time an assumed infection tries to take superuser control, it would trigger the su.bin, which would trigger the Superuser permission prompt GUI, and you could deny its permission every time.

The same goes for any Linux distribution that I am aware of: you can't be superuser without having permission. In a non-rooted Android environment, you wouldn't have any control over what gets su permission or not, as your current user profile is also not allowed su control.

Thoughts?

Re: Faketoken Ransomware a File-Encrypting Misfit
I have taken root once before on an Android device just to see what it was all about. I do agree that it would prompt you to ask which would run and which would not.

There are two situations in my opinion, and these are what vary:

  1. A user roots their system and knows what they are doing, so as not to allow anything unsafe. Those that root their system and do not know what they are doing will obviously fall into the same traps that Windows users do (not comparing Windows to Android here). Ransomware does not choose whether the device is rooted or not, but in the case of a rooted device, it does make the situation more dangerous if the user activates the ransomware by mistake, as the ransomware would have the freedom to roam around and do what it pleases.
  2. Non-rooted devices do have the pleasure of making certain programs a device administrator. Having a security program in charge of device administration would allow for proper control of threats. However, without a device antivirus, the user would receive this ransomware program/app, and if it requests administrator access, it would have similar permissions to Superuser/root. When a malware program has root on Android, it has the ability to erase the device's files and apps, or even lock down the device by activating the anti-theft feature built into the device.


Of course, this reminds me of when the Qualcomm issue happened late this past summer, when the chip was flawed, allowing unknown access to unsuspecting malware.

Android is a safe OS in many ways, and the rates of infection are much smaller (about 20,000 with the ransomware stated above, but that's 20,000 too many).

What makes Android unsafe is users that allow security permissions or those that take root without knowing potential consequences first.

Of course, even if they have su privileges or access Android's hidden terminal, they may not be able to take control of the device, unless the user agrees to every single permission.

This is why the makers of this Faketoken Ransomware use the old fake Adobe Flash Player trick, because people still think they need Flash Player and that it would be very useful "just in case."

The best way to remove ransomware that has taken root is either not to remove it at all (in cases where the device is bricked), or to deactivate it from device administration so the anti-ransomware tools can be used. Otherwise, it would be best to hook it up to a rescue environment with root access. If a device is not rooted, it's hard to use the rescue environment, but then again the non-rooted device is usually fairly easy to clean the ransomware from, as long as the device is not being actively controlled.

Case-by-case basis is what I call it, and honestly it opens our eyes to the realities of the ransomware's power, but then again the one stated above is much less powerful than other models of ransomware. However, it would be humorous to see this ransomware put on Windows, for it would bring the operating system to a crawl and block most user activity so that files are overwritten with malcode or simple first-recognition algorithms.

Re: Faketoken Ransomware a File-Encrypting Misfit
People root Android devices to install apps not from the Android store, which means there is no one checking these apps. I'm not saying an app installed from the Android store won't infect an Android device; I'm saying people with rooted Android devices who download apps not from the Android store put themselves in the hands of unknown individuals.
