Thursday, January 19, 2017

Android Locker Malware uses Google Cloud Messaging Service

Last month, we found a new Android locker malware that launches ransomware, displays a locker screen on the device, and extorts the user into submitting their bank card information to unblock the device. The interesting twist in this ransomware variant is that it leverages the Google Cloud Messaging (GCM) platform, a push notification service for sending messages to registered clients, as part of its C2 infrastructure. It also uses AES encryption in the communication between the infected device and the C2 server. In this blog post, we provide a detailed analysis of this malware.



Fortinet Blog
