“Ransomware authors are stepping up their game: they have begun using Google’s Material Design language to create extremely convincing notices/ransom requests that will likely induce many users to pay the asked-for sum.
Spotted and analyzed by Symantec researchers, the latest version of the Lockdroid Android ransomware locks the infected device and shows a fake FBI notice claiming that the user has accessed prohibited content and that their device logs, information on their location and a screenshot of their face are in law enforcement's custody.
Usually the user can’t do much besides scrolling through the message, but this Lockdroid variant allows the victim to slide the left-side app drawer on screen or select the menu icon to access a list of the lockscreen's options.
You must admit that due to this the threat does look considerably more convincing.
The call log, SMS and browser history and contact list are harvested by the malware directly from the device, and are meant to act as proof of illegal behaviour. The “legal information” section is also a clever touch.
“It should be noted that MaterialDrawer's creators did not intend for their work to be used for malicious purposes. The authors of this ransomware simply accessed and used the layout as any other legitimate app developer would,” the researchers explained.
This particular piece of ransomware can be found lurking on third-party app stores, disguised as a legitimate video app. It is also effectively delivered to users whose device has already been compromised with a browser hijacker, which redirects them to sites hosting the ransomware.
As always, users are advised to protect themselves from this and other malware by being careful what apps they install, by using a mobile security solution, and by regularly backing up their data.”