DoubleLocker - new ransomware has the ability to encrypt data and change Android device PIN

Security researchers at ESET have discovered a new type of Android ransomware called DoubleLocker, which not only encrypts user data but also changes the device's PIN.

Security researchers at ESET have discovered a new type of Android ransomware called DoubleLocker, which not only encrypts user data but also changes the device's PIN.

First discovered in May this year, this DoubleLocker ransomware has spread similarly to fake Adobe Flash updates through compromised sites.

DoubleLocker combines a smart infection mechanism with two powerful tools to blackmail its victims. Researchers believe that this ransomware could be upgraded in the future to steal bank certificates, not simply extort money from victims.

Lukáš Štefanko, an ESET malware researcher, said: "DoubleLocker has the ability to change the device's pin code, preventing the victim from accessing the phone and encrypting the victim's data. "Such a combination has never happened in the Android ecosystem. DoubleLocker also abuses Android access services - a popular trick in the cybercrime world."

  1. New ransomware appeared not to send Bitcoin, money, but . nude photos !!!
  2. Can data encryption protect you from Ransomware?

The way ransomware DoubleLocker works

Once installed and launched, the application will ask users to activate the malware access service called "Google Play Service". After the malware receives access rights, it will use them to activate device administrator rights and set itself as the default Home application without the user's consent. That is, whenever the user clicks the Home button, the ransomware will be activated and the device will be locked again. By using the access service, users do not know that they have started the malware by pressing the Home button.

DoubleLocker - new ransomware has the ability to encrypt data and change Android device PIN Picture 1DoubleLocker - new ransomware has the ability to encrypt data and change Android device PIN Picture 1

DoubleLocker creates two reasons for the victim to pay a ransom. First, it changes the device's PIN, preventing the victim from using it. Second, it encrypts all data from the main storage directory on Android using AES encryption algorithm.

The ransom amount is set at a relatively modest level of 0.0130 BTC (equivalent to 54 USD).

The best way to protect yourself is to always download applications from trusted sources like Google Play Store and verified developers. Besides, installing an antivirus application is also a safe way to protect your device from malware.

4 ★ | 1 Vote