Android flaw used by 74% of ransomware to be fixed in August

News by Max Metzger

A flaw in Android reportedly used by most mobile ransomware is due to be fixed this summer when the new operating system, Android O, is released.

An Android flaw exploited by nearly three quarters of all ransomware will be fixed in August, a Check Point report has revealed. The SYSTEM_ALERT_WINDOW permission, though used by many legitimate apps, can be harnessed by ransomware to lock users out of their phones.

For mobiles, ransomware does not encrypt the documents within the device, but rather just locks the screen, preventing the user from actually accessing the phone.

As part of Android version 6.0, apps downloaded from the Google store are granted a startling number of permissions. Though Google can vet the apps on the store, there have been a number of cases of malicious apps slipping past its gaze.

Granting the SYSTEM_ALERT_WINDOW permission to an app will allow it to display over another app without notification. The Facebook Messenger app, for example, uses it to allow use of the app on the fly. According to Check Point's report, Google has understood the problem that the permission poses but “since most users won't be able to approve the permission manually, such apps could be hurt by it.”

This has a variety of applications for the maliciously inclined and is harnessed by, according to Check Point, 57 percent of adware and 14 percent of banking malware. In the case of ransomware, it displays a persistent lock screen that won't go away until the embattled user pays up. Seventy-four percent of ransomware, says the report, “abuse this permission as part of their operation.”

This is not quite a vulnerability but a flaw in the current permission model. Plenty of legitimate apps use it, as does ransomware. The flaw will be fixed in August with the release of the newest version of the operating system, called “Android O”.

Daniel Padon, mobile threat researcher at Check Point, told SC that though “there are many other methods ransomware can and does use”, this fix “will prevent the scenario of ransomware downloaded from Google Play receiving all the permissions it needs automatically.”

Until the fix is fully applied, Check Point encourages users to treat apps with caution and read comments left by others.
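
For defenders vetting apps before the fix arrives, the check below flags which apps request the SYSTEM_ALERT_WINDOW permission discussed above. It is an added example, not code from the article or from Check Point's report. It assumes each AndroidManifest.xml has already been decoded from the APK's binary form to text XML, and the two sample manifests and their package names are constructed.

```python
import xml.etree.ElementTree as ET
ANDROID_NS = "http://schemas.android.com/apk/res/android"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"

def _attr(elem, name):
    return elem.get("{%s}%s" % (ANDROID_NS, name))  # android:-namespaced attribute

def audit_manifest(xml_text):
    """Summarise overlay-permission use in one decoded AndroidManifest.xml."""
    # For untrusted samples prefer defusedxml; stdlib ET permits entity expansion.
    root = ET.fromstring(xml_text.strip())
    requested = set()
    # Permissions may be declared with either element name.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = _attr(elem, "name")
            if name:
                requested.add(name)
    sdk = root.find("uses-sdk")
    target = _attr(sdk, "targetSdkVersion") if sdk is not None else None
    return {
        "package": root.get("package"),
        "target_sdk": int(target) if target and target.isdigit() else None,
        "requests_overlay": OVERLAY in requested,
        "permissions": sorted(requested),
    }

def overlay_requesters(manifests):
    """Return the package names that request SYSTEM_ALERT_WINDOW, sorted."""
    reports = [audit_manifest(m) for m in manifests]
    return sorted(r["package"] for r in reports if r["requests_overlay"])

# Constructed sample manifests (hypothetical packages, not real apps).
SAMPLE_OVERLAY = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.floatingchat">
  <uses-sdk android:minSdkVersion="19" android:targetSdkVersion="23"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>
"""
SAMPLE_PLAIN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="25"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""
if __name__ == "__main__":
    for pkg in overlay_requesters([SAMPLE_OVERLAY, SAMPLE_PLAIN]):
        print("requests overlay permission:", pkg)
```

A hit is a prompt for closer review, not a verdict, since the article notes that many legitimate apps request the same permission.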
