Well, it’s not a game, and it certainly isn’t fun, especially if you’re holding the phone – but hackers are constantly finding new ways to mess with Android users. This time, it is in the form of a quasi-ransomware coined Dospectus by Secure Sense partner, Blue Coat. We say quasi, because the ransomware doesn’t actually encrypt the victim’s data, but rather takes control of and locks the device.
Dospectus, was revealed after Blue Coat Lab researchers were testing an older Samsung lab tablet running CyanogenMod 10 / Android 4.22, when it viewed a malicious advertisement. This malicious ad was able to install the ransomware without any user interaction due to an exploit kit that had been leaked. The payload of this exploit, classified as Towelroot, contained code that downloaded and installed the ransomware, Trojan.
After viewing the malicious ad, you will first see the following image, a plain white screen with the Android logo and a message to “Update Now. Please Read! Do not turn off or reboot your phone during an update. Please try again later.” Your device will still be functional for a few minutes, but at this point, the damage has been done.
Next, you will see the following image, the actual ransom demand, by the self-titled “Cyber Police”. At this point, your device will be completely locked and you will be unable to do anything other than pay the ransom. Unlike most ransomware these days that require a transfer of Bitcoin – which is essentially untraceable – the hackers are demanding $200 in iTunes gift cards.
Finally, you will see this image, the last pop-up that will remain on your screen until you pay the ransom, or find a way to restore your phone.
If you are a victim of this pesky scam, there is only one you will be able to remove it yourself – by restarting the safe mode on your infected device. The steps per device can be found within that link. However, if your phone is in safe mode already or you simply cannot activate it, the only way to recover your phone is by taking it in to an expert.
As we have previously blogged, the best way to combat ransomware is with the following steps:
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.
[i/ii/iii] Images retrieved from Blue Coat: https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware