Yesterday marked the first time that we ran into the “Cyber Police” Android malware. This hack is caused by “Stagefright”, a bug in the default Android browser. Google says that it only affects older versions of the Android operating system. Most phones less than a year or two old have been patched or have patches available.
Unfortunately, this gentleman had an older Samsung phone, which he has through the AARP, that wasn’t patched. Even after trying to boot into safe mode, the only way that we were able to clean up his phone was to do a factory reset. Because of the reset, he lost all of his data and contacts.
Since there doesn’t appear to be a patch for this phone, the best thing to do to combat this is to stop using the built-in browser and use the Chrome browser on Android. He said that he got an ad from Facebook that claimed it was a friend’s birthday. When he clicked on it, he realized that it wasn’t even close to the correct day and shortly thereafter, the “Cyber Police” warning appeared.
We would also suggest not paying the ransom. There is no real guarantee that you will get your phone back, and you will just give ransomers more incentive to keep doing what they are doing.
Ars Technica has a good write-up if you want more information.