Android Ransomware Alert! DoubleLocker changes your phone’s PIN and encrypts your data
Credit to Author: Rajib Singha| Date: Fri, 27 Oct 2017 11:40:59 +0000
DoubleLocker is an Android ransomware the likes of which have never been seen before. The malware is designed to launch a two-pronged attack – it locks down the phone it infects and encrypts all files stored in the device. What is spreading DoubleLocker ransomware? The malware gets into a device when a user is tricked into installing a malicious Adobe Flash Player app from a compromised website. Once installed, the app asks for access to the device’s accessibility service. If the user grants this permission, the app uses it to gain device admin rights to carry out its malicious activities. Why is DoubleLocker so dangerous? DoubleLocker locks the infected device by changing its PIN to a random combination. The new PIN cannot be recovered because it does not get stored in the device nor sent anywhere. It then encrypts all the files stored in the device’s primary storage using AES encryption algorithm. Files encrypted by this ransomware have a “.cryeye” extension. DoubleLocker is more sophisticated and dangerous than other Android ransomware because it tries to remain persistent on the infected device. It does this by setting itself as the default Home app by abusing the device admin rights. So, every time the Home button is pressed, the ransomware gets reactivated and the phone gets locked again. This means, even if the user somehow bypasses the lock screen, pressing the Home button will lock the device. The ransom asked DoubleLocker demands a ransom of 0.013 Bitcoin ($76.31 at the time of writing this post) to unlock the device and decrypting the files. According to the ransom note, the ransom has to be paid within 24 hours otherwise the data will remain encrypted permanently. What to do if your phone is infected by DoubleLocker? Factory resetting the infected device will get rid of the ransomware and also erase all files. In any case, do not pay the ransom – there is no guarantee if your phone or files will get back to normal. How to be smart and stay safe from such malware? > Never download apps from third-party app stores or websites that do not belong to the app’s manufacturer. > Do not download apps by clicking on advertisements or links received in emails, SMS, and WhatsApp messages. > Backup all important data in a secure online and offline location. > Use a reliable mobile security app that can block access to compromised websites and prevent fake or malicious apps from getting installed on your phone. If you found this article helpful, share it with your friends and acquaintances. The post Android Ransomware Alert! DoubleLocker changes your phone’s PIN and encrypts your data appeared first on Quick Heal Technologies Security Blog | Latest computer security news, tips, and advice.
http://blogs.quickheal.com/feed/