Android ransomware DoubleLocker encrypts data and changes PINs

www.theregister.co.uk | 10/13/2017 | Staff
TaylorShaye (Posted by) Level 3
Click For Photo: https://regmedia.co.uk/2017/08/11/lock_shutterstock.jpg?x=1200&y=794

Crooks have come up with a strain of Android ransomware that both encrypts user data and locks victims out of compromised devices by changing PINs.

DoubleLocker combines a cunning infection mechanism with two powerful tools for extorting money from its victims.

Payload - Device - PIN - Victim - Device

"Its payload can change the device's PIN, preventing the victim from accessing their device and encrypts the victim's data," said Lukáš Štefanko, the malware researcher at security firm ESET who discovered DoubleLocker. "Such a combination hasn't been seen yet in the Android ecosystem.

"DoubleLocker misuses Android accessibility services, which is a popular trick among cybercriminals."

Nasty - Banking - Trojan - Functionality

The nasty is based on a banking trojan, which means that account-compromising functionality might easily be added.

The Android malware spreads in the very same way as its PC parent, as a fake Adobe Flash Player update that's pushed via compromised websites.

App - Requests

Once launched, the app requests...
(Excerpt) Read more at: www.theregister.co.uk
0 other people are viewing this story
Wake Up To Breaking News!
Sign In or Register to comment.