Antivirus Firm
Home » antivirus » New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock

New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock

DoubleLocker—as the name suggests, it locks device twice.

Security researchers from Slovakia-based security software maker ESET have discovered a new Android ransomware that not just encrypts users’ data, but also locks them out of their devices by changing lock screen PIN.

On top of that:

DoubleLocker is the first-ever ransomware to misuse Android accessibility—a feature that provides users alternative ways to interact with their smartphone devices, and mainly misused by Android banking Trojans to steal banking credentials.

“Given its banking malware roots, DoubleLocker may well be turned into what could be called ransom-bankers,” said Lukáš Štefanko, the malware researcher at ESET.

“Two-stage malware that first tries to wipe your bank or PayPal account and subsequently locks your device and data to request a ransom.”

Researchers believe DoubleLocker ransomware could be upgraded in future to steal banking credentials as well, other than just extorting money as ransom.Once installed, the malware requests user for the activation of ‘Google Play Services’ accessibility feature, as shown in the demonstration video.
After obtaining this accessibility permission, the malware abuses it to gain device’s administrator rights and sets itself as a default home application (the launcher)—all without the user’s knowledge.

“Setting itself as a default home app – a launcher – is a trick that improves the malware’s persistence,” explains Štefanko.

“Whenever the user clicks on the home button, the ransomware gets activated, and the device gets locked again. Thanks to using the accessibility service, the user does not know that they launch malware by hitting Home.”

Once executed, DoubleLocker first changes the device PIN to a random value that neither attacker knows nor stored anywhere and meanwhile the malware encrypts all the files using AES encryption algorithm.
DoubleLocker ransomware demands 0.0130 BTC (approximately USD 74.38 at time of writing) and threatens victims to pay the ransom within 24 hours.If the ransom is paid, the attacker provides the decryption key to unlock the files and remotely resets the PIN to unlock the victim’s device.

How to Protect Yourself From DoubleLocker Ransomware

According to the researchers, so far there is no way to unlock encrypted files, though, for non-rooted devices, users can factory-reset their phone to unlock the phone and get rid of the DoubleLocker ransomware.
However, for rooted Android devices with debugging mode enabled, victims can use Android Debug Bridge (ADB) tool to reset PIN without formatting their phones.
The best way to protect yourself from avoiding falling victims to such ransomware attacks is to always download apps from trusted sources, like Google play Store, and stick to verified developers.
Also, never click on links provided in SMS or emails. Even if the email looks legit, go directly to the website of origin and verify any possible updates.
Moreover, most importantly, keep a good antivirus app on your smartphone that can detect and block such malware before it can infect your device, and always keep it and other apps up-to-date.

About antivirusfirmadmin

Buy, Renew, Antivirus, Antivirus Software, Antivirus Software License, Best Antivirus Software Provider Company in Delhi - India

 

Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware software, is computer software used to prevent, detect and remove malicious software. Antivirus software was originally developed to detect and remove computer viruses. Antivirus Firm can protect from malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets DDoS attacks.

 

Antivirus Firm is an IT Monteur Antivirus Software Provider Company provides Managed Antivirus Software Support, Antivirus Software Install, Configuration, Support, Antivirus Security Service Provider, Computer Security Services, Antivirus Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Anti Virus Software Service Provider in India

 

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket