At the current Kaspersky Lab Security Analyst Summit, Google tossed back on the blind on how it has curtailed ransomware on Android with a blend of censured APIs.
Rollbacks of certain usefulness that had outlasted its value to clients yet still drew the consideration of attackers.Android security team malware analyst Elena Kovakina said Google tracked 30 Android ransomware families in the wild and collected 50,000 samples.
From that set, it examined how the malware carried on, what procedures were abused, and balanced Android accordingly. The point, Kovakina pushed, is to raise the cost of malware advancement for attackers.“Making malware for Android should be hard,” Kovakina said. “This is why when we analyze malware, we look at what it does and how it does it, such as APIs that are abused. Many system improvements are inspired by the type malware that ran on a device.”
Ransomware rapidly developed from malware that bolted up home screens, to a risk that escalated to scramble information on a local hard drive, files and folders on network system drives.
Some exception ransomware families went too far as to encode machines at the BIOS level.On the mobile side, the most pervasive threats attacked older versions of Android(Android 4.x phones) that are no longer supported with security updates by Google.
A couple of months before a Listener Malware Android.Lockdroid.E infects many devices and instructs the victim to speak the code for unlocking the device.The really amazing thing about ransomware is that it flies in the face of some principles of Android security,” Kovakina said. “In Android, we have a good idea of what apps should and shouldn’t be doing.
She also said Apps cannot interfere with the normal behavior of other apps or the device itself. With ransomware, that’s it’s most notorious feature.
Apps, also, cannot damage the device or data. Ransomware does that by encrypting it. Apps should also be able to be uninstalled. Ransomware prevents this.Kovanina said Google has fundamentally countered the developing ransomware threat on recent Android builds by censuring certain APIs.
One such move accompanied the depreciation of DeviceAdmin, which was being mishandled by 70 percent of ransomware to gain admin privileges.
She said the PHA would popup out the Device Admin window, again and again, looking for administrator rights for the application until the client would give in and permissions. In Nougat, she said the Device Admin prompt now incorporates the choice up front for the client to uninstall the application doing this kind of conduct.Kovakina said Android O, a designer review of which was discharged March 21, incorporates new framework upgrades went for making Android resistant to ransomware.
She also said Google has moved to errand its VerifyApps malware scanner with blocking ransomware establishments instead of simply cautioning the client of a possibly unsafe application.