Researchers at BlueBox security, who identified the vulnerability, dubbed the flaw as Fake ID, which affects all versions of Android operating system from 2.1 (released in 2010) up to Android 4.4, also known as KitKat.
ALL VERSIONS ARE VULNERABLE UPTO KITKAT
A security firm says it has found the first confirmed case of ransomware that encrypts files held by Android devices.
Eset reports that the Trojan – called Simplelocker – targets SD cards slotted into tablets and handsets, electronically scrambling certain types of files on them before demanding cash to decrypt the data.
The message is in Russian, and payment is requested in Ukrainian currency.
One expert said the threat was noteworthy, but limited at this stage
The tool, known as iBanking, is one of the most expensive pieces of malware Symantec has seen on the underground market and its creator has a polished, Software-as-a-Service business model. […]
How it works
Attackers use social engineering tactics to lure their victims into downloading and installing iBanking on their Android devices. The victim is usually already infected with a financial Trojan on their PC, which will generate a pop up message when they visit a banking or social networking website, asking them to install a mobile app as an additional security measure.