A new module for an Android banking trojan indicates that mobile devices may be the next frontier for ransomware.
An Android Banking Trojan with an already extensive toolkit recently gained a ransomware module. While banking malware is an all too prevalent a threat for mobile devices, ransomware isn’t a technique commonly deployed against mobile devices, making this particular piece of malware notable. Banking trojans come in the form of malware-laden apps that pose as legitimate apps in order to trick unsuspecting users into installing them. Once installed, the malware steals information, especially user credentials for banking and other financial services, then uploads that information to a command-and-control (C2) server controlled by the threat actor behind the attack. Ransomware encrypts files on infected devices with encryption keys known only to the attacker, rendering the files inaccessible to the victims.
