DoubleLocker Ransomware encrypts phone data and locks down Mobile Phone Access

Android users all over the world are being alerted to a new form of ransomware that can encrypt phone data and lock the user out of the device. According to researchers from ESET, the ransomware spreads as a fake Adobe Flash update via compromised websites and reactivates itself every time the user presses the home button.

Once downloaded onto the device, the malware asks the user to activate ‘Google Play Services’ and, through accessibility services, exploits a series of permissions. These include retrieving window content, turning on enhanced web accessibility in order to install scripts, and observing typed text.

As soon as DoubleLocker gets the appropriate permissions, it installs the ransomware as the default home application, displaying a ransom note to the user as a home-screen pop-up.
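A static triage check for the combination described above, as an added example that is not from ESET or the original article: it parses a decoded AndroidManifest.xml and flags a package that declares both an accessibility service and a HOME-category (launcher) activity. The sample manifest, its package name and its component names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample: decoded manifest of a hypothetical package (not a real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashupdate">
  <application android:label="Flash Player Update">
    <activity android:name=".LockActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.HOME"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </activity>
    <service android:name=".HelperService"
             android:label="Google Play Services"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Report accessibility services and HOME activities declared in a decoded manifest."""
    root = ET.fromstring(xml_text)
    findings = {"package": root.get("package"), "accessibility_services": [], "home_activities": []}
    for svc in root.iter("service"):
        actions = {a.get(A + "name") for a in svc.iter("action")}
        if (svc.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
                and "android.accessibilityservice.AccessibilityService" in actions):
            findings["accessibility_services"].append(
                (svc.get(A + "name"), svc.get(A + "label")))
    for tag in ("activity", "activity-alias"):
        for act in root.iter(tag):
            for flt in act.iter("intent-filter"):
                cats = {c.get(A + "name") for c in flt.iter("category")}
                if "android.intent.category.HOME" in cats:
                    findings["home_activities"].append(act.get(A + "name"))
    # Both together in one package warrant manual review; this is a heuristic, not proof.
    findings["suspicious"] = bool(findings["accessibility_services"] and findings["home_activities"])
    return findings

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

The reported service label is worth reading by eye as well, since the article notes the malware presents its request under the name ‘Google Play Services’.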

The ransomware locks down the device in two ways. First, like other forms of ransomware, it encrypts the files on the device. Second, it changes the device PIN, effectively blocking the victim from using the phone in any way.

Currently, the attackers spreading DoubleLocker are demanding a ransom of 0.0130 BTC or $71 to free the phone, payable within a 24-hour time frame.

ESET researchers have discovered that the malware has connections to the old and infamous Svpeng Android banking Trojan, one of the oldest Android malware strains, which has the potential to steal money from mobile wallets.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
