Sunday, July 14, 2024

Google strengthen it’s defence against Ransomware to Attack Android

[jpshare]Ransomware for Android, or any mobile platform, have been generally uncommon.The risk has fundamentally been kept to Windows desktops, where it’s flourished with a fast improvement cycles of new elements and capacities.

At the current Kaspersky Lab Security Analyst Summit, Google tossed back on the blind on how it has curtailed ransomware on Android with a blend of censured APIs.

Rollbacks of certain usefulness that had outlasted its value to clients yet still drew the consideration of attackers.

Android security team malware analyst Elena Kovakina said Google tracked 30 Android ransomware families in the wild and collected 50,000 samples.

From that set, it examined how the malware carried on, what procedures were abused, and balanced Android accordingly. The point, Kovakina pushed, is to raise the cost of malware advancement for attackers.

“Making malware for Android should be hard,” Kovakina said. “This is why when we analyze malware, we look at what it does and how it does it, such as APIs that are abused. Many system improvements are inspired by the type malware that ran on a device.”

Ransomware rapidly developed from malware that bolted up home screens, to a risk that escalated to scramble information on a local hard drive, files and folders on network system drives.

Some exception ransomware families went too far as to encode machines at the BIOS level.On the mobile side, the most pervasive threats attacked older versions of Android(Android 4.x phones) that are no longer supported with security updates by Google.

A couple of months before a Listener Malware Android.Lockdroid.E infects many devices and instructs the victim to speak the code for unlocking the device.

 The really amazing thing about ransomware is that it flies in the face of some principles of Android security,” Kovakina said. “In Android, we have a good idea of what apps should and shouldn’t be doing.

She also said Apps cannot interfere with the normal behavior of other apps or the device itself. With ransomware, that’s it’s most notorious feature.

Apps, also, cannot damage the device or data. Ransomware does that by encrypting it. Apps should also be able to be uninstalled. Ransomware prevents this.

Kovanina said Google has fundamentally countered the developing ransomware threat on recent Android builds by censuring certain APIs.

One such move accompanied the depreciation of DeviceAdmin, which was being mishandled by 70 percent of ransomware to gain admin privileges.

She said the PHA would popup out the Device Admin window, again and again, looking for administrator rights for the application until the client would give in and permissions. In Nougat, she said the Device Admin prompt now incorporates the choice up front for the client to uninstall the application doing this kind of conduct.

Kovakina said Android O, a designer review of which was discharged March 21, incorporates new framework upgrades went for making Android resistant to ransomware.

She also said Google has moved to errand its VerifyApps malware scanner with blocking ransomware establishments instead of simply cautioning the client of a possibly unsafe application.

Also Read


Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles