Threat actors are increasingly using open-source Android malware to target outdated devices, locking them with ransomware and demanding payment through Telegram.
Multiple cybercrime campaigns are currently exploiting vulnerabilities in outdated Android devices, specifically, those running versions that have reached the end of life (EOL) and no longer receive security updates. This makes them susceptible to known flaws, creating a perfect storm for cybercriminals.
The Scale of the Threat
Researchers at Check Point have identified over 120 malware campaigns targeting these vulnerable devices. A report from Bleeping Computer highlights that a staggering 87.5% of the infected devices are running Android versions 11 or older. In contrast, only 12.5% of the compromised devices are running the newer Android 12 or 13.
Brands and Spread of Malware
The targeted devices span multiple brands, including Samsung, Google, Xiaomi, Redmi, Motorola, OnePlus, Vivo, and Huawei. The malware is distributed through various channels, often masquerading as legitimate apps like Instagram, WhatsApp, e-commerce platforms, or antivirus applications. Users are tricked into downloading malicious APKs, which then infect their devices.
Capabilities of the Malware
The threat campaigns are not limited to ransomware. They also distribute malware capable of:
- Wiping out all files on the device
- Locking the screen, rendering the device unusable
- Reading messages, which can compromise two-factor authentication and one-time passwords (OTPs)
- Tracking the device’s location
How to Protect Against Ransomware Attacks
1. Download Apps from Official Sources
- Always download apps from the official Google Play Store to minimize the risk of downloading malicious software.
2. Check App Permissions
- Be cautious about the permissions you grant to new apps. For example, a photo editing or e-commerce app should not need access to your messages or continuous location tracking.
3. Avoid Clicking on Unknown Links
- Do not click on URLs embedded in emails or SMS messages from unknown sources. These could lead to phishing sites or trigger malware downloads.
4. Use Play Protect
- Ensure you scan apps with Play Protect before launching them to detect potential threats.
The prevalence of malware targeting outdated Android devices highlights the need for continuous vigilance and proactive security measures. Users should be aware of the risks associated with running older versions of Android and take steps to protect their devices from these sophisticated cyber threats. Staying informed and cautious can help mitigate the impact of such malicious campaigns and safeguard personal data and device integrity.
For the latest technology news and updates, subscribe to our tech newsletter, Today’s Cache.