Cryptolocker ransomware now able to infect Android devices as well

Malware encrypting files on Windows and demanding a payment to unlock the files is now also spreading on Android devices. Security researcher Kafeine noticed how a malware group called 'Reveton Team' is offering the malware for sale and also found the malware 'in the wild'.

In an advert the developers offer their malware for rent and offer 24/7 support and detailed statistics to their potential customers. The malware comes in different versions like Syslocker, Fake AV, BrowLock and Fake Codecs. Besides providing the malware, the developers also offer methods for infecting systems and distributing the malware. Automated creation of domains for hosting the malware and even payments can also be arranged by them.

Once a user installs the malware, the procedure is the same as on Windows. A window accusing the user of viewing illegal material is presented with logos of well-known government agencies. This should give the user the impression he's dealing with a legitimate party. In the window there's a message alerting the user that all his files on the device are encrypted and that a payment has to be made in order to unlock them. In this case $300 has to be paid using a prepaid credit card from MoneyPak.

[Screenshot: Android Cryptolocker lock screen]

The malware does not install automatically; the hackers make use of social engineering to trick you into downloading an Android file that you need to install. The installation file then asks permission to read phone status and identity, full network access, run at startup and prevent the phone from sleeping.

Every time the phone reboots the application starts and presents you with the window above. Once it's active you can go to the home screen but you can no longer start apps or access pictures, videos or music. It's unknown whether Android antivirus software is currently able to detect and block the malware.
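For triage of a sideloaded APK, the four install-prompt permissions and the start-at-reboot behaviour described above can be checked in the app's manifest. This is an added example, not code from the article or the researcher: it assumes a manifest already decoded to text XML (for instance with apktool), and the function name and sample manifest are constructed for illustration. These permissions are also common in legitimate apps, so a match is a reason to look closer, not a verdict.

```python
import xml.etree.ElementTree as ET  # for untrusted input, defusedxml is the safer parser

NAME = "{http://schemas.android.com/apk/res/android}name"
BOOT_PERM = "android.permission.RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Install-prompt labels quoted in the article, keyed by manifest permission name.
ARTICLE_PERMISSIONS = {
    "android.permission.READ_PHONE_STATE": "read phone status and identity",
    "android.permission.INTERNET": "full network access",
    BOOT_PERM: "run at startup",
    "android.permission.WAKE_LOCK": "prevent phone from sleeping",
}


def triage_manifest(manifest_xml):
    """Summarise article permissions requested and receivers registered for boot."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(NAME) for el in root.iter("uses-permission")}
    matched = sorted(p for p in ARTICLE_PERMISSIONS if p in requested)
    boot_receivers = [
        r.get(NAME) for r in root.iter("receiver")
        if any(a.get(NAME) == BOOT_ACTION for a in r.iter("action"))
    ]
    return {
        "package": root.get("package"),
        "matched": matched,
        "missing": sorted(set(ARTICLE_PERMISSIONS) - requested),
        "full_set": len(matched) == len(ARTICLE_PERMISSIONS),
        # Restart after reboot needs both the permission and a boot receiver.
        "starts_at_boot": BOOT_PERM in requested and bool(boot_receivers),
        "boot_receivers": boot_receivers,
    }


# Constructed sample manifest for illustration; not taken from the malware.
SAMPLE_MANIFEST = """<manifest package="com.example.player"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application><receiver android:name=".BootReceiver"><intent-filter>
    <action android:name="android.intent.action.BOOT_COMPLETED"/>
  </intent-filter></receiver></application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```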
