It seems as if it is almost weekly when a new virus, malware or other form of Android-related security or privacy issue arises and today is marking the latest noted issue. In fact, the issue came to light yesterday when Trend Micro published a blog post on a new malware which is going by the ANDROIDOS_SLOCKER.AXBB tag. As is usually the case, the details here are not meant as a form of scaremongering and instead are simply intended to keep Android device owners informed.
In terms of this latest malware, it is said to be solely affecting content which is related to adult websites. At least, that is where the malware has been noted so far and part of the reason for this, is that this is a form of ‘ransomware’ which looks to adopt a ‘name and shame’ stance to force users to make a payment. Upon visiting any of the affected websites, the malware looks to disguise itself as a requested video, instead of the application that it actually is. By downloading and installing the app (believing it to be a video), the app declares that it has gained root control of the device and also turns on the device’s camera to further suggest it is recording the user as evidence.
That said, according to the details, this is one of the malware types which comes with a number of aspects which can should be consider immediate ‘red flags’. The first is in the form of delivery as the links to the affected (and fake) sites normally come in the form of SPAM SMS messages. Secondly, the app does require itself to be installed, as most users who will encounter the issue will be expecting to download a video (which do not typically require ‘installation’), this should be an easy red flag to note. Furthermore, the app will then ask for the user to provide admin permissions. Although, closing the app continues to bring the prompt back up, this will also be another clear indicator to not further interact with the app. Lastly, while the camera activation does help to provide support that the device is being controlled and the user is being monitored, it seems the malware, or more specifically those behind the malware do not have access to either the camera or the contents of the device. It is only a scare tactic.
It is also worth pointing out that Trend Micro do note that phones running a non-native version of Android have the added benefit of being able to completely remove the malicious app even after all of these red flags have been ignored. By simply rebooting the device and disabling admin permissions in the settings, users can easily remove the application altogether. Those interested in reading about this particular vulnerability in more detail, can do so by heading through the source link below.