At the most recent Kaspersky Lab Security Analyst Summit, Google unveiled preventative measures it has developed to counter mobile ransomware. The company says its ultimate aim is to make the Android OS immune to malicious apps carrying the malware.
Studying Ransomware in the Wild
At the summit, Google showed how it has been dealing with ransomware on its Android mobile OS. In general terms, its actions involved formally disapproving, or deprecating, certain APIs and outright removing some outdated functionality.
Rolling back some functionality was a critical part of the strategy: not only had the targeted capabilities outlived their usefulness to users, they had also become glaring weak spots for attackers to target.
According to Android security team malware analyst Elena Kovakina, Google has tracked 30 Android ransomware families, collecting 50,000 samples of these harmful apps along the way.
From this set, the team analyzed how these kinds of malware behaved and which processes were being abused the most. Once they had figured this out, they took steps to adjust Android accordingly.
Their goal is to raise the cost of malware development for attackers, making these apps more expensive to build and so disincentivizing their creation.
Expanding on this point, Kovakina explained that Google wants the decision to build malware for Android to be a costly one, hence its rigorous analysis of mobile ransomware.
“Making malware for Android should be hard. This is why when we analyze malware, we look at what it does and how it does it, such as APIs that are abused. Many system improvements are inspired by the type of malware that ran on a device.”
Google Counters an Evolving Threat
Ransomware has overwhelmingly been a problem for desktop users, especially those running Windows. That is where it has found its greatest success, with ever-evolving features and capabilities that keep it from being tamed.
While mobile ransomware is relatively rare compared to its desktop counterpart, Google considers the threat real enough to focus time and resources on it.
According to Kovakina, one way Google has countered the evolving ransomware threat is by deprecating certain APIs. One specific example is the deprecation of DeviceAdmin, which was being abused by 70 percent of ransomware to gain elevated privileges.
For example, Kovakina said Google was aware of some malicious or potentially harmful apps (PHAs) that would carry out a denial-of-service attack of sorts against the Android user interface. She said the PHA would pop up the Device Admin prompt over and over, seeking admin privileges for the app until the user gave in and granted permissions.
Google’s response was to give the user the ability to uninstall apps exhibiting this type of behavior by putting the option front and center.
Android O, a developer preview of which was released on 21st March, includes new system improvements with the goal of making Android invulnerable to ransomware. Additionally, for users on older versions, Google has moved to task its VerifyApps malware scanner with blocking ransomware installations, rather than just warning the user of a potentially harmful app.