Cyber Police Ransomware Installs Itself, Demands iTunes Gift Cards

Just another day in the world of Android. A latest exploit dubbed "Cyber Police" has been doing the rounds, affecting millions of Android devices. The ransomware installs itself on your Android device, locks it, and so demands to exist paid via - expect for it - the iTunes souvenir card!

Different other malware threats, this latest threat downloads automatically without the user knowing anything about it. The malware masquerades as a alarm from the U.S. government's intelligence agencies and installs itself afterwards a user visits some compromised websites. Beginning reported by Bluish Coat and and so confirmed past Zimperium Labs, the Cyber Police Android ransomware prevents users from doing anything on the device, until a ransom of $200 is paid in iTunes gift cards.

Why named Cyber Police?

If you as well are wondering why this malware is called the Cyber Police, information technology'due south mainly considering of how it works. Serving the exploit using certain compromised websites, including porn domains, the message appears to a user from the U.South. regime explaining that the device has been locked considering the user supposedly browsed illegal websites. Presenting itself as a police enforcement intervention into your browsing habits, it too warns the victim that their history is stored in the database of the U.S. Department of Homeland Security.

android cyber police ransomware

The researchers accept said that this might be the first time an exploit kit has been used to install malicious apps on a devicewithout whatever user interactionon the office of the victim. The attack doesn't even bear witness the application permissions dialog box that appears before installation of any Android app. The exploit kit that is being used to deliver this latest ransomware to Android devices has used several vulnerabilities to install malware onto the victim's device silently in the groundwork. An exploit used in the assault was leaked during the Hacking Team information breach, security researchers at Bluish Coat and Zimperium have confirmed.

The good news - y'all don't accept to pay!

Dissimilar other ransomware cases, this threat doesn't encrypt data. This essentially means that you can retrieve your data past connecting your Android device to a PC and then factory reset it. Manufacturing plant reset would remove the threat along with all of your information from the afflicted device.

The ransomware doesn't threaten to (or really) encrypt the victim's data. Rather, the device is held in a locked land where it cannot be used for anything other than delivering payment to the criminals in the grade of two $100 Apple tree iTunes souvenir bill of fare codes. That'due south unusual because it's far more mutual nowadays for ransomware to demand not-trackablecryptocurrency, similar Bitcoins. In theory, it might exist possible for Apple (or its iTunes gift card partners) to track who used the gift cards provided to the criminals, which may aid investigators identify them.

First documented in December 2022, the newer behavior has just been in existence since this February. If you are using an Android device that is even so on Android 4.0.3 to Android 4.4.4, y'all can autumn victim to this set on. However, those on Lollipop or Marshmallow are safe from this latest Cyber Law ransomware.

For technical details and a list of the affected domains, please visit Blueish Glaze.