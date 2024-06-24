Multiple cybercrime campaigns are targeting outdated Android devices, some aiming to lock them down with a ransomware module and demanding payment on Telegram.

Threat actors were found targeting Android devices running versions that had reached the end of life (EoL) and are no longer receiving security updates, making them vulnerable to known/published flaws.

Over 120 campaigns using malware to target devices were detected by researchers at Check Point, a report from the Bleeping Computer said.

Devices running Android versions 11 or older account for over 87.5% of the total while only 12.5% of infected devices were found running Android 12 or 13.

The targeted devices include models from multiple brands including ones from Samsung, Google, Xiaomi, Redmi, Motorola, OnePlus, Vivo and Huawei.

The malware is spread to vulnerable devices through various means using brands like Instagram, WhatsApp, e-commerce platforms or antivirus apps to trick people into downloading malicious APKs.

Along with the ransomware, the threat campaigns were also found distributing malware that could wipe out all the files on a device, lock the screen rendering the device unusable, the capability to read messages that could compromise two-factor authentications and OTPs and tracking the device’s location.

How to protect against ransomware attacks on older Android devices

Users are advised to download apps only from the official Android app store.

When installing new apps users should ensure they do not grant the apps permissions that they may not need. For example, a simple photo editing or e-commerce app will not require access to the device’s messages or continued location tracking.

Users are also advised to not click on URLs embedded in emails or SMS, and scan apps with Play Protect before launching them.

