Tuesday, February 27, 2024

Google strengthen it’s defence against Ransomware to Attack Android

[jpshare]Ransomware for Android, or any mobile platform, have been generally uncommon.The risk has fundamentally been kept to Windows desktops, where it’s flourished with a fast improvement cycles of new elements and capacities.

At the current Kaspersky Lab Security Analyst Summit, Google tossed back on the blind on how it has curtailed ransomware on Android with a blend of censured APIs.

Rollbacks of certain usefulness that had outlasted its value to clients yet still drew the consideration of attackers.

Android security team malware analyst Elena Kovakina said Google tracked 30 Android ransomware families in the wild and collected 50,000 samples.

From that set, it examined how the malware carried on, what procedures were abused, and balanced Android accordingly. The point, Kovakina pushed, is to raise the cost of malware advancement for attackers.

“Making malware for Android should be hard,” Kovakina said. “This is why when we analyze malware, we look at what it does and how it does it, such as APIs that are abused. Many system improvements are inspired by the type malware that ran on a device.”

Ransomware rapidly developed from malware that bolted up home screens, to a risk that escalated to scramble information on a local hard drive, files and folders on network system drives.

Some exception ransomware families went too far as to encode machines at the BIOS level.On the mobile side, the most pervasive threats attacked older versions of Android(Android 4.x phones) that are no longer supported with security updates by Google.

A couple of months before a Listener Malware Android.Lockdroid.E infects many devices and instructs the victim to speak the code for unlocking the device.

 The really amazing thing about ransomware is that it flies in the face of some principles of Android security,” Kovakina said. “In Android, we have a good idea of what apps should and shouldn’t be doing.

She also said Apps cannot interfere with the normal behavior of other apps or the device itself. With ransomware, that’s it’s most notorious feature.

Apps, also, cannot damage the device or data. Ransomware does that by encrypting it. Apps should also be able to be uninstalled. Ransomware prevents this.

Kovanina said Google has fundamentally countered the developing ransomware threat on recent Android builds by censuring certain APIs.

One such move accompanied the depreciation of DeviceAdmin, which was being mishandled by 70 percent of ransomware to gain admin privileges.

She said the PHA would popup out the Device Admin window, again and again, looking for administrator rights for the application until the client would give in and permissions. In Nougat, she said the Device Admin prompt now incorporates the choice up front for the client to uninstall the application doing this kind of conduct.

Kovakina said Android O, a designer review of which was discharged March 21, incorporates new framework upgrades went for making Android resistant to ransomware.

She also said Google has moved to errand its VerifyApps malware scanner with blocking ransomware establishments instead of simply cautioning the client of a possibly unsafe application.

Also Read

Website

Latest articles

Zyxel Firewall Flaw Let Attackers Execute Remote Code

Four new vulnerabilities have been discovered in some of the Zyxel Firewall and access...

Hackers Abuse Telegram API To Exfiltrate User Information

Attackers have been using keywords like "remittance" and "receipts" to spread phishing scripts using...

ThreatHunter.ai Stops Hundreds of Attacks in 48 Hours: Fighting Ransomware and Nation-State Cyber Threats

The current large surge in cyber threats has left many organizations grappling for security...

WordPress Plugin Flaw Exposes 200,000+ Websites for Hacking

A critical security flaw has been identified in the Ultimate Member plugin for WordPress,...

Hackers Actively Hijacking ConnectWise ScreenConnect server

ConnectWise, a prominent software company, issued an urgent security bulletin on February 19, 2024,...

Heavily Obfuscated PIKABOT Evades EDR Protection

PIKABOT is a polymorphic malware that constantly modifies its code, making it hard to...

Anonymous Sudan Promoting New DDoS Botnet: Beware

It has come to light that a group known as Anonymous Sudan is actively...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles