It’s abundantly clear: Android ransomware is on the rise.
Last month, researchers at Kaspersky Lab reported a near-400 percent increase in the number of ransomware targeting Android users over the past year.
Still others have leveraged even more advanced capabilities.
Take Android.Lockdroid.E, for example. The malware resets an Android user’s lockscreen password/PIN/pattern after scaring victims with a system error GUI. It does so by invoking the resetPassword() method as long as the calling application is a device administrator.
As a result, even victims who are able to remove the malware from their devices might not be able to gain access to their phones without a factory reset.
But change is afoot. Google is actively working to prevent ransomware variants from resetting Android users’ passwords.
The change comes in the form of a condition embedded in Android’s newest operating system, Android Nougat.
Symantec security researcher Dinesh Venkatesan explains the condition will allow the resetPassword API to only set and not reset the password:
“This development will be effective in ensuring that malware cannot reset the lockscreen password, as the change is strictly enforced and there is no backward compatibility escape route for the threat. Backward compatibility would have allowed malware to reset the lockscreen password even on newer Android versions. With this change, there is no way for the malware to reset the lockscreen password on Android Nougat.”
Like most things in life, there are a few caveats, however. The condition won’t prevent malware from setting a password on a device with no existing password. The feature will also get in the way of disinfectors, automated tools which clean malware off of infected devices.
To balance out these drawbacks, users should protect their devices with some form of password. They should also download applications only from trusted developers and install an up-to-date anti-virus solution onto their devices.
Android Nougat is expected to begin rolling out to lucky users later in 2016.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.