Few options at hand as screen is locked, buttons don't work

May 26, 2015 18:04 GMT

A stubborn piece of police scareware holds Android devices hostage until a fee is paid via MoneyPak and PayPal My Cash transfers, and it increases the ransom to $1,500 / €1,400 if users attempt to unlock the device on their own.

The nasty threat arrives via an email message claiming to deliver an update for Adobe Flash Player. Immediately after installation, it plasters a fake FBI warning on the screen and locks the device, justifying the lock with a claim that the user accessed websites featuring adult content.

Ransom jumps from $500 to $1,500

To make the message more credible, the attackers attach screenshots of the browsing history and warn that a picture of the victim has also been taken, suggesting that they can be identified.

Initially, the ransom for unlocking the device is $500 / €460, but it triples if the victim tries to get out of the jam on their own, Romanian antivirus vendor Bitdefender says in a blog post on Tuesday.

Telemetry data gathered by the company from its systems revealed that more than 15,000 email messages carrying the malware were detected last week.

Users need to remove malware via ADB

The threat is detected as Android.Trojan.SLocker.DZ and it is considered one of the most prevalent forms of ransomware, as it is frequently updated by its authors in an effort to evade detection.

Bitdefender says that the malicious emails are sent from servers located in Ukraine. The messages come from addresses with different top-level domains, .edu, .com, .org and .net being among them.

According to the researchers, once the scare message is shown on the home screen of the device, there is little the user can do to get rid of it. The removal procedure requires the Android Debug Bridge (ADB) command-line tool to have been already activated at the moment of the infection.

ADB enables communication and control of the device from a computer, over a USB connection. This way the malware can be removed. However, this process requires certain technical skills.
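
As an illustration of the ADB route described above, the following shell sketch is an added example, not code from Bitdefender or from the original article. It assumes the fake Flash Player update was sideloaded and therefore has no Google Play installer record; the package names in the sample listing are constructed, as the article does not name the malicious package.

```shell
#!/bin/sh
# Added example: triage sideloaded apps from `pm list packages -3 -i` output.
# Live use (USB debugging must already be enabled and the computer authorized):
#   adb shell pm list packages -3 -i | sideloaded_packages

TRUSTED_INSTALLER="com.android.vending"   # Google Play; adjust for other stores

# Reads lines like "package:<name>  installer=<source>" on stdin and prints
# the names of packages that did not come from the trusted installer.
sideloaded_packages() {
    # Older adb versions emit CRLF line endings, so strip carriage returns.
    tr -d '\r' | awk -v trusted="$TRUSTED_INSTALLER" '
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            src = "null"   # a missing installer field is treated as sideloaded
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { src = $i; sub(/^installer=/, "", src) }
            if (src != trusted) print pkg
        }'
}

# Constructed sample listing; every package name here is made up.
sample_listing() {
    cat <<'EOF'
package:com.example.notes  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:org.example.game  installer=com.android.vending
EOF
}

# Prints (does not execute) the uninstall command for each flagged package,
# so the list can be reviewed before anything is removed.
removal_commands() {
    sideloaded_packages | while read -r pkg; do
        printf 'adb uninstall %s\n' "$pkg"
    done
}

sample_listing | removal_commands
```

The script only prints candidate commands; legitimate sideloaded apps will also be flagged, so each entry needs a manual check before removal.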