After PCs, Cerber's Ransom Note Has Been Found in Two Android Apps

Jun 21, 2017 08:16

Juhi Afreen


The Cerber ransomware is very similar to other ransomware, which usually encrypts the victim's files saved on all the drives connected to the computer. The attacks were mostly found on Windows PCs, but now the hackers are attacking Android devices as well.


Malware researchers have just found Cerber's ransom note in the source code of two Android applications, Accechiamoli and ForzaFò, which include the infamous README.hta file and can be downloaded directly from the Google Play Store. It is disturbing and terrifying to discover that the developers of this dangerous malware have decided to expand their target field. However, we can say this is not a serious problem. The new malicious campaign for Android devices has not yet been launched. Thus, the virus currently affects only users of the Windows operating system. Therefore, fans of the Italian football club "Foggia Calcio" should not be worried about the possibility of being infected by this ransomware.

 The ESET security team analyzed these two applications in search of Cerber's destructive payload. However, they found nothing suspicious or potentially dangerous for Android devices. The scanner only detected the README.hta file, Cerber's ransom note. According to Lukas Stefanko, ESET's mobile security expert, one of the reasons why this file was found in these applications is that their developer, Francesco Pio Recchia, had been the victim of a Cerber attack. During the attack, the virus generated a ransom note in each folder containing encrypted files. Therefore, if the developer did not remove these files, they could have been left in the application's icon folder.

 Another hypothesis suggests that the designer of the icons used in the applications Accechiamoli and ForzaFò could have suffered a Cerber attack. Thus, the ransom note would have been accidentally left in the icons folder. Also, the developer certainly did not check the folder and simply copied and pasted it. In fact, the ransom note had just gone unnoticed. However, these are only hypotheses. The truth about what really happened is still unknown.
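A pre-release check for the kind of leftover file described above, as an added example that is not code from ESET or from the app developer. It scans an APK (a ZIP archive) for Windows-only file types and for HTA markup hidden under another extension; the extension list, function names and sample archive are assumptions made for illustration, and only the README.hta name comes from the article.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: Windows-only file types an Android package has no reason to ship.
# Only README.hta comes from the article; the rest of the list is illustrative.
UNEXPECTED_EXTENSIONS = {".hta", ".vbs", ".bat", ".cmd", ".lnk", ".exe"}
# An HTA is HTML that usually declares this element, so a renamed copy is still caught.
HTA_MARKER = b"<hta:application"


def find_stray_files(apk_bytes, sniff_bytes=4096):
    """Return sorted (entry_name, reason) pairs for files that look like desktop leftovers."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            suffix = PurePosixPath(info.filename).suffix.lower()
            if suffix in UNEXPECTED_EXTENSIONS:
                findings.append((info.filename, "unexpected extension " + suffix))
                continue
            # Extension looks fine: sniff the first bytes for HTA markup.
            with apk.open(info) as entry:
                head = entry.read(sniff_bytes).lower()
            if HTA_MARKER in head:
                findings.append((info.filename, "HTA markup under another extension"))
    return sorted(findings)


def build_sample_apk():
    """Constructed sample archive; entry names and contents are invented for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"<manifest/>")
        apk.writestr("assets/icons/logo.png", b"\x89PNG\r\n\x1a\n")
        apk.writestr("assets/icons/README.hta", b"<html><HTA:APPLICATION/>placeholder</html>")
        apk.writestr("assets/notes.txt", b"<html><hta:application id='x'/></html>")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in find_stray_files(build_sample_apk()):
        print(f"{name}: {reason}")
```

Run as a build step, a non-empty result is a reason to stop the release and inspect the source folders the files came from.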

 However, although HTA files can be used for spreading file-encrypting viruses, this is not the case here. The README.hta file is not malicious and does not contain attack code. Security programs have identified it as malicious, but the truth is that it cannot cause any damage to the device. It contains simple instructions about what hackers require of their victims after a ransomware attack. The ransom note includes information on the data encryption and the ransom payment required to retrieve the data. Victims are encouraged to transfer an amount in Bitcoins through the special Cerber payment website that they can access using only the Tor browser. However, we want to remind the victims of this ransomware that they must not follow the instructions of cyber criminals. Paying the ransom does not guarantee that you get back access to your files.

 
