This New Android Ransomware Gets Activated by Home Button; Encrypts Data & Changes PIN Code

DoubleLocker ransomware deploys technique previously used by trojans to gain full control of the device and completely lock it down.

Security researchers have discovered a new Android ransomware that encrypts data on the infected device and then changes its PIN, so that victims are completely locked out of their devices unless they give in to the criminals' demands. Aptly dubbed DoubleLocker, this latest strain of Android ransomware is distributed as a fake Adobe Flash Player download through malicious websites.

Misusing Android accessibility services, DoubleLocker is activated once the fake Adobe Flash Player app is launched. The app requests activation of the malware’s accessibility service, named “Google Play Service,” after which it uses these accessibility permissions to activate device administrator rights and set itself as the default Home application without user consent.

Setting itself as a launcher makes this Android ransomware more persistent, since whenever the user clicks on the Home button, the ransomware gets activated. The only way to get rid of DoubleLocker is to do a factory reset, researchers said.
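The combination described above (one app holding an accessibility service, device administrator rights and the default Home role at once) can be checked for during triage. The following is an added example, not code from ESET or the original article; it assumes the analyst has already collected the `enabled_accessibility_services` secure setting, the active device admin components and the default Home component from the device, and every package name in it is constructed.

```python
from dataclasses import dataclass

# Assumption: packages the analyst already trusts to hold these roles.
TRUSTED = {"com.google.android.gms", "com.android.launcher3"}

@dataclass
class Finding:
    package: str
    roles: tuple
    score: int

def pkg_of(component):
    """Flattened component 'pkg/.Class' -> 'pkg'."""
    return component.strip().split("/", 1)[0]

def parse_accessibility(setting):
    """The setting is a colon-separated component list, or 'null' when unset."""
    if not setting or setting.strip() == "null":
        return set()
    return {pkg_of(c) for c in setting.split(":") if c.strip()}

def triage(accessibility_setting, device_admins, home_component, trusted=TRUSTED):
    """Flag untrusted packages holding two or more of the three roles."""
    roles = {}
    for pkg in parse_accessibility(accessibility_setting):
        roles.setdefault(pkg, set()).add("accessibility")
    for comp in device_admins:
        roles.setdefault(pkg_of(comp), set()).add("device_admin")
    if home_component:
        roles.setdefault(pkg_of(home_component), set()).add("home")
    findings = [Finding(p, tuple(sorted(r)), len(r))
                for p, r in roles.items()
                if p not in trusted and len(r) >= 2]
    # Highest role count first: all three roles matches the article's pattern.
    return sorted(findings, key=lambda f: (-f.score, f.package))

# Constructed sample state of an affected device (not real indicators).
SAMPLE_ACCESSIBILITY = ("com.example.flashplayer/.svc.Helper:"
                        "com.example.screenreader/.ReaderService")
SAMPLE_ADMINS = ["com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver",
                 "com.example.flashplayer/.AdminReceiver"]
SAMPLE_HOME = "com.example.flashplayer/.HomeActivity"

if __name__ == "__main__":
    for f in triage(SAMPLE_ACCESSIBILITY, SAMPLE_ADMINS, SAMPLE_HOME):
        print(f"{f.package}: {', '.join(f.roles)} (score {f.score}/3)")
```

A package that only provides an accessibility service, such as the constructed screen reader in the sample, is not flagged; the signal is the overlap of roles in one untrusted package.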

If you use a rooted Android device, however, security researchers said that you can get past the PIN lock without a factory reset. “For the method to work, the device needed to be in the debugging mode before the ransomware got activated.”
If this condition is met, then the user can connect to the device by ADB and remove the system file where the PIN is stored by Android. This operation unlocks the screen so that the user can access their device. Then, working in safe mode, the user can deactivate device administrator rights for the malware and uninstall it. In some cases, a device reboot is needed.

This Android ransomware could be used to steal banking credentials in the future

DoubleLocker is developed on the foundations of a banking trojan. While it currently doesn’t have the modules to steal users’ banking credentials, the functionality could be easily added in the future.

“Given its banking malware roots, DoubleLocker may well be turned into what could be called ransom-bankers,” Lukáš Štefanko, the ESET researcher who discovered DoubleLocker, said. “Two-stage malware that first tries to wipe your bank or PayPal account and subsequently locks your device and data to request a ransom.”

Right now, the malware is specifically focused on extorting money from its victims by locking them out of their devices. The ransom has been set to 0.0130 BTC (approximately USD 73 at the time of this writing), and the criminals have added a message that it needs to be paid within 24 hours. ESET added that even after 24 hours, the attackers aren’t wiping the data; it simply remains encrypted.

While ESET has recommended that users have a strong antivirus solution on their Android devices, having “Unknown Sources” disabled should be enough to stay safe from this particular Android ransomware. Also, users who even glance at the permissions an app is asking for should be okay, since it’s basically telling you that it will change your password and erase your data.
