That is, there’s another app for hijacking your phone:

You are guilty of child porn, child abuse, zoophilia or sending out bulk spam. You are a criminal. The Federal Bureau of Investigation has locked you out of your phone and the only way to regain access to all your data is to pay a few hundred dollars.

That message — or variations of it — has popped up on hundreds of thousands of people’s Android devices in just the last month. The message claims to be from the F.B.I., or cybersecurity firms, but is in fact the work of Eastern European hackers who are hijacking Android devices with a particularly pernicious form of malware, dubbed “ransomware” because it holds its victims’ devices hostage until they pay a ransom.

Ransomware is not new. Five years ago, criminals in Eastern Europe began holding PC users’ devices hostage with similar tools. The scheme was so successful that security experts say many cybercriminals have abandoned spam and fake antivirus frauds to take up ransomware full time. By 2012, security experts had identified more than 16 gangs extorting millions from ransomware victims around the world.

Now those same criminals are taking their scheme mobile, successfully infecting Android devices at disturbing rates. In just the last 30 days, roughly 900,000 people were targeted with a form of ransomware called “ScarePackage,” according to Lookout, a San Francisco-based mobile security firm.

900,000 isn’t a whole lot of mobile phone users in a global market of billions — but it’s enough to generate the profits necessary to keep these illicit activities growing.


cross-posted from Vodkapundit