Top 4 Types of Android Ransomware

Although most consumers associate malware and ransomware threats with computers, mobile devices are not safe from harm by any means. In fact, various types of Android ransomware have made media headlines over the past few years. Some of these malicious tools remain a threat to this very day. Always be careful when downloading and installing applications from unofficial app stores and other locations.

#4 Simplocker

The name Simplocker may ring a bell for experienced Android users. It was the first mobile ransomware to encrypt files on Android devices. Further research showed this malware was developed by Russian cyber criminals. In fact, Simplocker used parts of Reveton source code, which was the first major ransomware to hit computers worldwide.

Similarly to Reveton, Simplocker tricked users into believing their device was encrypted by law enforcement due to illegal activity. What is intriguing is how this Android malware did not demand a Bitcoin payment to have files decrypted. Instead, victims had to send US$300 through the MoneyPak prepaid service. Although Simplocker has not been heard from since 2015, it remains a security threat to users running older versions of Android on their device.

#3 Adult Player

Unlike what the name suggests, this self-proclaimed porn video player solution is not working as advertised. Even though initial usage of the app works as advertised, it takes photos of the victim with the front facing camera. These pictures are then displayed alongside the ransom message. In exchange for a US$500 payment, users can have their phone decrypted and files made accessible once again. It is possible to remove the malware without paying, although it requires some advanced know-how to do so.




#2 Lockdroid

One of the things about LockDroid that surprises a lot of people is how legitimate the “app” looks. It makes use of Google’s Material Design to trick users into a false sense of security. Moreover, the ransomware generates bogus legal warnings and displays device logs with sensitive user details on the ransom page. Lockdroid was mainly distributed by masking it as an official Google update.

Once an Android device gets infected with this ransomware, the malware starts logging all activity. This includes browser history, text messages, and even recent call record. It also displays a ransom note on the phone’s lock screen. To spice things up, LockDroid never demanded a fixed ransom sum. It is unclear what payment types users had to rely on to receive a decryption key.

#1 Xbot

One of the more recent types of Android ransomware goes by the name of Xbot. In fact, this Trojan can be found in over 20 different application types, making it a nightmare for security researchers.  Xbot mainly aims to steal personal data and login credentials for financial services. However, it can also imitate the Google Play payment screen, as well as login interfaces for e-banking services. The biggest threat is how Xbot intercepts 2FA text messages, which it then uses to access online services.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.