Date: 16/10/17
DoubleLocker, the Android Ransomware that encrypts files and changes PIN Lock
Android’s accessibility services are features that let users take advantage of alternative navigation methods, acting on behalf of apps installed on the smartphone. The security researchers at ESET have detected a new ransomware that exploits these services.
Detected as Android/DoubleLocker.A, this Android ransomware takes inspiration from a banking trojan named Android.BankBot.211.origin, which is distributed with the help of disguised programs. However, instead of compromising users’ banking accounts, DoubleLocker ransomware has a couple of other tricks up its sleeves.
It’s distributed as a fake Adobe Flash Player through infected websites. After it’s launched, the fake app requests the activation of the malware’s accessibility service, called “Google Play Service.” This enables the malware to gain admin rights and set itself as the default home app.
Being the default home app allows the malware to increase its persistence. Every time a user taps the home button, the ransomware gets activated and the device gets locked.
The attackers have set the ransom to 0.0130 bitcoin, which is about $55. The ransom message states that it must be paid within 24 hours.
The overall operation of DoubleLocker can be further divided into two parts. First, it changes your device’s PIN. Once the ransom is paid, the attacker can reset the PIN and unlock the device.
Second, the ransomware encrypts all files on the device’s primary storage using AES encryption. According to the researchers, there’s no way to recover the files without the encryption key.
To get rid of DoubleLocker ransomware, the ESET researchers advise users to perform a factory reset. If your device is rooted, there is a method to bypass the PIN lock without a reset.
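The privilege combination described above (an enabled accessibility service, admin rights and the default home app, all held by one package) can be audited on a device over adb. The following is an added example, not code from ESET or from the original article: the package name `com.example.flashupdate` and all sample outputs are constructed, and the `dumpsys device_policy` layout is an assumption that varies between Android versions.

```python
import re

# Constructed sample output (not from a real device) of:
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.flashupdate/.PlayService")
# Constructed excerpt in the style of: adb shell dumpsys device_policy
# (assumed layout; the exact format differs between Android versions)
SAMPLE_ADMINS = """Enabled Device Admins (User 0, provisioningState: 0):
  com.example.flashupdate/.AdminReceiver:
    uid=10123
"""
# Constructed sample output of:
#   adb shell cmd package resolve-activity --brief \
#       -a android.intent.action.MAIN -c android.intent.category.HOME
SAMPLE_HOME = """priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
com.example.flashupdate/.LockActivity
"""

# A flattened component name: package/class, optionally followed by ':'
COMPONENT = re.compile(r"^\s*([A-Za-z0-9_.]+)/[A-Za-z0-9_.$]+:?\s*$")

def packages_in(text, sep="\n"):
    """Return the set of package names found in 'package/class' items."""
    pkgs = set()
    for item in text.split(sep):
        m = COMPONENT.match(item)
        if m:
            pkgs.add(m.group(1))
    return pkgs

def audit(a11y, admins, home, trusted=frozenset()):
    """Map each untrusted package to the set of privileges it holds."""
    roles = {
        "accessibility": packages_in(a11y, sep=":"),
        "device_admin": packages_in(admins),
        "home": packages_in(home),
    }
    report = {}
    for role, pkgs in roles.items():
        for pkg in pkgs - set(trusted):
            report.setdefault(pkg, set()).add(role)
    return report

def suspicious(report):
    """Packages holding all three privileges at once."""
    return sorted(p for p, held in report.items() if len(held) == 3)

if __name__ == "__main__":
    rep = audit(SAMPLE_A11Y, SAMPLE_ADMINS, SAMPLE_HOME,
                trusted={"com.google.android.marvin.talkback"})
    for pkg in suspicious(rep):
        print(pkg, sorted(rep[pkg]))
```

A legitimate launcher or screen reader normally holds only one of these privileges, so a package holding all three deserves manual review before anything else is done on the device.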