This brand new Android threat might not affect a large number of users, but it deserves some attention considering its ingenuity. Unlike other malware threats that need to fool the user to install them, this new ransomware-like attack does it automatically, without the owner of the handset knowing what’s happening. Ironically, after locking down the handset, the program demands payment in iTunes gift cards. But thankfully, there is a way to deal with it.
Discovered by Blue Coat, the malware masquerades as a warning from the U.S. government’s intelligence agencies, and installs itself after users visit certain compromised websites, including porn domains.
Once installed, the program stops all apps and prevents the user from doing anything with the device until a payment of $200 in iTunes gift cards is completed. Luckily, unlike computer ransomware, this program does not encrypt data. That means you can retrieve your personal information by connecting the handset or tablet to a PC. Once that’s done, simply performing a factory reset would remove the threat as all data from the device is wiped out.
It’s not clear how many users the malware has affected so far, but it was first discovered in late February. Identified Cyber.Police publicly and “net.prospectus” internally, the malware works on Android devices running Android versions between 4.0.3 and 4.4.4, which means millions of devices may be exposed to the attack.
Even if you get rid of this type of malware strain, make sure you avoid shady website in the future and use a different browser than the default one that’s installed on your device. These older smartphones, tablets and other gadgets operating Ice Cream or Jelly Bean versions of Android may not be updated to more secure Android builds, which means they might be susceptible to the attack in perpetuity as Blue Coat explains.