There is a new Android Ransomware causing havoc in the mobile world.
DoubleLocker encrypts user data and then changes the PIN code, effectively locking users out of their phones unless they reset to factory settings, or they pay.
Here is the Ransomeware in action:
“Its payload can change the device’s PIN, preventing the victim from accessing their device and encrypts the victim’s data,” said Lukáš Štefanko, the malware researcher at security firm ESET who discovered DoubleLocker. “Such a combination hasn’t been seen yet in the Android ecosystem.
“DoubleLocker misuses Android accessibility services, which is a popular trick among cybercriminals.”
Once launched, the app requests activation of the malware’s accessibility service, named “Google Play Service”. After the malware obtains these accessibility permissions, it uses them to activate device administrator rights and set itself as the default Home application, in both cases without the user’s consent.
“Setting itself as a default home app – a launcher – is a trick that improves the malware’s persistence,” Štefanko said. “Whenever the user clicks on the home button, the ransomware gets activated and the device gets locked again. Thanks to using the accessibility service, the user doesn’t know that they launch malware by hitting Home.”
DoubleLocker, once activated on a compromised device, changes the device’s PIN, effectively blocking the victim from using it. Second, DoubleLocker encrypts all files from the device’s primary storage directory using the AES encryption algorithm.
This new Android ransomware is the latest security threat on the platform after a recent malware made news with 4.2 million downloads from the Google Play Store.
Our Evaluation at Security News?
The probability of being hit with such ransomware is very low. A user would have to manually click on questionable links to install the app in addition to manually giving away way too many permissions.
Common sense should be your weapon of choice before clicking on any link.