Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>New Android Ransomware Communicates over Extensible Messaging and Presence Protocol (XMPP)

New Android Ransomware Communicates over Extensible Messaging and Presence Protocol (XMPP)


A new strain of Android ransomware disguised as a video player app uses a means of communication unseen in other similar malware. Most of the victims are in the United States and the mobile crypto-ransomware scam seems to be profitable. According to security researchers, tens of thousands of devices could be infected and to date about 10 percent of the victims have paid up ransoms between $200 and $500. They also stated that its dataset is incomplete and it is likely that more devices are infected and the hackers have pocketed more than the $200,000 to $500,000 estimates. Like most mobile ransomware, these infections begin with the victim downloading a phony application from a third-party app store, in this case a supposed Flash Player app. Once the victim approves installation and the requested permissions, the ransomware encrypts all the data on the phone in exchange for a ransom.
 
Source:
Threat Post
 
Team Cymru
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis