The world of malware is quite an interesting one to talk about. Not so much for the people who are affected by it, but for how the malware acts and how plainly it shows where someone screwed up. From firmware problems that affect small companies, all the way to faulty plug-ins compromising giant enterprises. The worst of it has to be ransomware: once you get it, more often than not you’re screwed. It’s one of the reasons why people have to be careful about their internet browsing.
This new ransomware threat has come to Android, and it’s starting to make headlines for how it works. Basically, the malware locks your phone and then changes the SIM card’s PIN code, so not even the phone number is salvageable.
Cleverly named “DoubleLocker”, the malware is the first to take advantage of Android Accessibility Services. It does this by installing itself as a bogus “Google Play Services” app, which is often spread through a fake Adobe Flash prompt on compromised mobile websites.
Once installed, the malware asks the user to activate the accessibility feature for ‘Google Play Services’. Should the user grant the accessibility permission, the app gives itself full administrator rights and sets itself as the default launcher. In other words, every time the user presses the HOME button, they are activating the ransomware.
Once executed, DoubleLocker first changes the device PIN to a random value that is neither known to the attacker nor stored anywhere, and meanwhile the malware encrypts all the files using the AES encryption algorithm.
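As an added, defender-side illustration (not code from the original article or from any DoubleLocker analysis): the combination described above, an app that declares an accessibility service, a device-admin receiver and a HOME launcher activity, is visible in an APK’s decoded AndroidManifest.xml, and a triage script can flag it. The manifest below is constructed to mimic that pattern; the component names are assumptions, while the permission, action and category strings are standard Android ones.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS
PERMISSION = "{%s}permission" % ANDROID_NS
# Constructed manifest (not DoubleLocker's real one) declaring the three capabilities
# the write-up describes: accessibility service, device-admin receiver, HOME activity.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <service android:name=".A11yService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.HOME"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

def manifest_capabilities(xml_text):
    """Report which of the three DoubleLocker-style capabilities a manifest declares."""
    root = ET.fromstring(xml_text)
    caps = {"accessibility_service": False, "device_admin": False, "home_launcher": False}
    for comp in root.iter():
        perm = comp.get(PERMISSION)
        if comp.tag == "service" and perm == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            caps["accessibility_service"] = True
        elif comp.tag == "receiver" and perm == "android.permission.BIND_DEVICE_ADMIN":
            caps["device_admin"] = True
        elif comp.tag == "activity":
            for filt in comp.findall("intent-filter"):
                cats = {c.get(NAME) for c in filt.findall("category")}
                if "android.intent.category.HOME" in cats:
                    caps["home_launcher"] = True
    return caps

def is_suspicious(xml_text):
    """A would-be home screen that also wants accessibility and device-admin power is the combination this ransomware relies on."""
    return all(manifest_capabilities(xml_text).values())
```

The manifest inside an APK is binary XML, so decode it with apktool or aapt before feeding it to this script.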
The malware then demands 0.0130 BTC (which is around $78 USD) and gives the victim 24 hours to pay. If the ransom is paid, the attacker provides a decryption key to unlock the encrypted files. If it isn’t, well, you can always buy a new phone; hopefully the data you lost isn’t that valuable.
People who want to keep this malware off their devices can avoid it by downloading apps only from trusted sources, like the Google Play Store, and sticking to verified developers. If a user has been affected and their phone is not rooted, they can get rid of the malware with a factory reset.