Rabitə və İnformasiya Texnologiyaları Nazirliyinin elektron xəbər xidməti
DoubleLocker, the Android Ransomware that encrypts files and changes PIN Lock
Android’s accessibility services are features that help the users to take advantage of an alternative navigation method on behalf of apps installed on the smartphone. The security researchers at ESET have detected a new ransomware that exploits these services.
Detected as Android/DoubleLocker.A, this Android ransomware takes inspiration from a banking trojan named Android.BankBot.211.origin, which is distributed with the help of disguised programs. However, instead of compromising users’ banking accounts, DoubleLocker ransomware has a couple of other tricks up its sleeves.
It’s distributed via fake Adobe Flash Player through infected websites. After it’s launched, the fake app requests the activation of malware’s accessibility service, called “Google Play Service.” This enables the malware to gain admin rights and set itself as default home app.
Being the default home app allows the malware to increase its persistence. Every time a user taps the home button, the ransomware gets activated and the device gets locked.
The attackers have set the ransom to 0.0130 bitcoin, which is about $55. The message tells that it must be paid within 24 hours.
The overall operation of DoubleLocker can be further divided into two parts. First, it changes your device’s PIN. Once the ransom is paid, the attacker can reset the PIN and unlock the device.
Second, the ransomware encrypts all files on device’s primary storage using AES encryption. As per the researchers, there’s no way to recover files without the encryption key.
To get rid of DoubleLocker ransomware, the ESET researchers advise the users to perform a factory reset. In case your device is rooted, there is a method to bypass the PIN lock without a reset.
16/10/17 Çap et