New Android virus steals all your money and locks your phone

ThreatFabric experts have discovered a dangerous Android virus called RatOn. This trojan combines two types of attacks at once: stealing money from bank accounts and installing ransomware. This approach makes it one of the most dangerous threats to Android users today.

How RatOn works

First, RatOn accesses data on your smartphone and autonomously logs into banking apps and crypto wallets. It is able to intercept PINs, authorize accounts, and transfer funds without the attacker’s involvement.

At first, RatOn accesses smartphone data and enters banking apps and cryptocurrency wallets on its own.

When the accounts are emptied, the trojan automatically activates ransomware. It encrypts all data on the device and blocks access. A ransom demand is sent to the owner, although the money in their accounts may already be lost.

Not an isolated incident

RatOn — is not the only example of a combined attack. In August, researchers already recorded a similar scenario with a modification of the Android Trojan Hook. Experts warn that attackers are improving their tools, bypassing banking defenses, and using ransomware as a backup.

How the virus spreads

According to ThreatFabric, RatOn most often infiltrates devices via fake apps distributed on sites that mimic the Google Play Store. Most often, these «programs» masquerade as popular social networking sites such as TikTok.

Hook, on the other hand, was distributed through GitHub, where apps are posted by the developers themselves and are not always vetted in advance.

How to protect yourself

• install apps only from official Google Play;
• check the developer and reviews before downloading;
• enable Google Play Protect so that the system checks apps for viruses;
• do not click on suspicious links, especially those promising free versions of paid programs;
• use proven antivirus solutions for Android.