Beware! New Android malware steals your money then installs ransomware


It is a story almost as old as time: malware is wreaking havoc on Android devices. Usually, Android malware aims to steal sensitive data and passwords in order to access online accounts. Less often, it installs ransomware to extort large sums of money from users.
A particularly dangerous malware variant that combines the two techniques has now been discovered by security experts at ThreatFabric. Known as Raton, the Trojan infiltrates an Android phone, accesses data, empties the bank accounts, then locks the device to extort the owner.
All this sounds frightening enough, but it gets worse: Raton can act largely on its own. This means that the attackers hardly need to do anything once the Trojan lands on a device. It is able to steal PINs, log in to accounts and transfer money until these accounts are empty. Cryptocurrency wallets are also a common target.
Once there is nothing left to steal, ransomware is automatically installed on the device. The ransomware encrypts all the data and denies access, allowing the attacker to send messages to the owner demanding payment in order to restore access. However, it is not clear whether affected people are always able to pay at this stage, because their accounts have already been emptied.
Not an isolated case
Researchers expressly draw attention to this new type of threat: combined attacks carried out by a single piece of malware. Raton is not an isolated case either, because a similar approach was previously observed in August with a variant of the Hook malware for Android devices.
These new variants show that malware attacks are evolving and becoming more sophisticated and dangerous, and that fraudsters are responding to improved security mechanisms at banks. If access to an owner's accounts cannot be established, the attacker can always fall back on the ransomware as plan B.
How to protect yourself
In the case of Raton, the Trojan probably landed on Android devices via fake applications. Users are redirected to pages that imitate the Google Play Store, where attackers offer applications disguised as popular social media apps such as TikTok, except that they contain the malware.
In the case of the Hook malware, it is probably distributed via the GitHub platform. Developers can offer applications there themselves, but these are not checked in advance.
To protect yourself, you should always check whether an application comes from a trustworthy provider. You should also always activate Google Play Protect in the Google Play Store so that applications are scanned for viruses and malware before being installed on your device.
Also avoid clicking on links until you have checked that they are trustworthy. In particular, avoid links that supposedly lead to free versions of paid applications or promise other unrealistic offers. Find out more about the best antivirus applications for Android devices.
This article originally appeared on our sister publication PC-Welt and was translated and localized from German.




