Though ransomware has been around for years, it poses an ever-increasing threat to hospitals, municipal governments, and basically any institution that can’t tolerate downtime. But along with the various types of PC malware that are typically used in these attacks, there’s another burgeoning platform for ransomware as well: Android phones. And new research from Microsoft shows that criminal hackers are investing time and resources in refining their mobile ransomware tools—a sign that their attacks are generating payouts.
Released on Thursday, the findings, which were detected using Microsoft Defender on mobile, look at a variant of a known Android ransomware family that has added some clever tricks. That includes a new ransom note delivery mechanism, improved techniques to avoid detection, and even a machine-learning component that could be used to fine-tune the attack for different victims’ devices. While mobile ransomware has been around since at least 2014 and still isn’t a ubiquitous threat, it could be poised to take a bigger leap.