
Android Ransomware Spreading Fast

Lockerpin, however, by changing the lock screen PIN, blocks users that have no root privileges or have no security apps installed from gaining any form of access to their device.


After receiving admin rights from the phone’s owner, Android/Lockerpin.A then goes on to change the user’s lock screen PIN, using a randomly generated number. The malware is spreading via a combination of unverified third-party app stores, warez forums, and torrents.

“Based on ESET’s LiveGrid statistics, the majority of the infected Android devices are in the U.S. with a complete percentage share of over 75 percent”, said Lukáš Štefanko, detection engineer at ESET. It’s not clear how many victims, if any, are caving in to extortionate demands.

In a week which has turned critical eyes toward Android security, a new aggressive ransomware has been discovered which seizes control over smartphones by changing PIN codes.

The ransomware is also able to obtain and keep Device Administrator privileges, which makes it extremely tricky to uninstall: when users attempt to deactivate Device Admin for the malware, they will fail, because the Trojan will have registered a call-back function to reactivate the privileges when removal is attempted.

According to security company ESET, which uncovered the campaign, the only way to recover access to your phone is through a factory reset, which means that all your photos, videos and contacts will be deleted and, unless they have been backed up, will be lost forever.

The researchers said this represents an evolution of mobile ransomware because, in previous Android LockScreen Trojans, the screen-locking functionality was usually achieved by constantly bringing the ransom window to the foreground in an infinite loop.

The ransomware requires administrator rights to carry out its plan, and the victim unknowingly gives it such power over the device. “All attackers have to do is fill in the email addresses they want to target and wait for the money to come rolling in”, he told Computer Weekly. While annoying, the ransomware could be easily eradicated by uninstalling the malicious application which contained the malware through Safe Mode, or alternatively through Android Debug Bridge (ADB).


Kevin Epstein, VP of advanced security and governance at Proofpoint, commented: “Clearly, there’s a need for targeted attack protection for mobile”. “The social engineering component of this attack, wherein devices are compromised because a user allows the malware administrative rights, suggests mobile users are just as vulnerable as laptop users”.
