This new Ransomware Not Just Encrypts Your Android, But Also Changes PIN Locks

If your phone is Android, avoid downloading any type of adobe Flash player Software or whatever it seems to you, especially from unsafe web pages. As the well-known computer security company, ESET has recently discovered a new type of ransomware that gravely attacks mobile phones with Android operating systems.

DoubleLocker is based on a banking Trojan, so in the first instance collects the bank or PayPal credentials of the users to empty their accounts or even eliminate them. In addition, it is able to encrypt the accessibility data of the infected device and then change the PIN number. Thus, users can not access their equipment until they pay the ransom demanded by the cyber-criminals.

The new PIN set based on the random value, so it is not-stored on the device or sent to another location. This is why neither the user nor a security expert can recover it. After the extortion payment has been made, the cyber-criminal resets the PIN remotely and unlocks the device.    

According the company's researchers in computer security, this is the first time android malware has been created that combines both data encryption and PIN change.

"Due to it's banking threat roots, DoubleLocker could well become what we can call ransom-bankers. It is malware that works in two stages. Firstly, try to empty your bank account or PayPal and then lock your device and information to request the payment of the ransom."

Ransom spreads via fake Adobe Flash Player downloads from compressed websites and installs itself after it is granted access through the Google play Store.

Establishing itself as a default startup application is a trick that improves the persistence of malware. Each time the user clicks the Start button, the malware gets activated in your device.
   ESET researches shows in the video below how it actually works:

How to protect yourself from DoubleLocker?

The recommendation is to perform the factory rest of the device. However, it is possible to overcome the PIN lock with out restarting it on connected smartphones, only if they were in debug mode before ransomware was activated. In that case, the user can connect through ADB and delete the system file that stores the PIN. This will unlock the screen and can be accessed.

You can also disable the smartphone administrator rights for the malware and uninstall it. For this, sometimes it is necessary to restart it.    

      

Comments

Popular posts from this blog

Best Remote Desktop Software AnyDesk or TeamViewer?

Is Google I/O '23 giving AI a busy year? Here are few key highlights

Highlights of CES 2022