SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
15 Sep 2015

Ransomware resets PIN and permanently locks your smartphones

Malicious apps that disable Android phones until owners pay a hefty ransom are growing increasingly malevolent and sophisticated as evidenced by a newly discovered sample that resets device PIN locks, an advance that requires a factory reset.

Dubbed Android/Lockerpin.A, the app first tricks inexperienced users into granting it device administrator privileges. To achieve this, it overlays a bogus patch installation window on top of an activation notice.

When targets click on the continue button, they really grant the malicious app elevated rights that allow it to make changes to the Android settings. From there, Lockerpin sets or resets the PIN that unlocks the screen lock, effectively requiring users to perform a factory reset to regain control over the device. By contrast, earlier forms of Android ransomware generally were thwarted, usually by deactivating administrator privileges and then uninstalling the app after the infected device is booted into safe mode.

"After clicking on the button, the user's device is doomed," Lukas Stefanko, a security researcher with antivirus provider Eset, wrote in a blog post published Thursday. "The trojan app has obtained administrator rights silently and now can lock [the] device — and even worse, it set[s] a new PIN for the lock screen. Not long after, the user will be prompted to pay a $US500 ransom for allegedly viewing and harboring forbidden pornographic material."

Experienced Android users would likely be suspicious of the fake update windows at the top of this post, but it's entirely plausible newer users would fall for them. Once the continue button is pressed, the app will acquire administrator rights. From there it will change the PIN and periodically continue to overlay a fake window in an attempt to hold on to the elevated privileges. It's the first known Android lock-screen ransomware to set a phone's PIN lock. Because it requires non-paying victims to factory reset their phones, it causes them to lose all of their data.

At the moment, the app is notable mostly for the innovation it shows rather than the real-world threat it poses. That's because it's distributed in third-party app stores and masquerades as an app for serving pornography. Still, it wouldn't be surprising to see this type of app evolve further. If it were to find its way into the official Google Play market — as happens regularly with malicious Android apps — it could represent a real threat for a much larger number of people.

Tags:
Android information leaks LockerPIN fraud
Source:
Ars Technica
2217
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015