A new virus has been discovered hidden inside Android apps. Named MalLocker.B, the ransomware does not encrypt (seize) the data and files of the infected device as is typical of this type of malware. Worse than that, the attack completely prevents access to the smartphone. This ransomware variety uses mechanisms behind the "incoming call" notification and the "home" button to block victims' devices.
Ransomware takes over the phone screen and displays a ransom note that mimics a police message - Photo: Reproduction/Microsoft
When installed, the ransomware locks the device screen and displays a message that simulates a local police warning stating that the user has committed a crime and, therefore, must pay a fine. The tactic is not new. For over a decade, this type of attack on cell phones and computers displays the same type of fake police fines message.
The highlight of MalLocker.B is the type of technique the attack uses to hook the user. The ransomware uses a two-part mechanism to display its ransom note. The first, in the "incoming call" notification. MalLocker.B uses the notification as support to show the ransom message. And, a second part, uses the "home" button. After being installed, clicking the button to put an app in the background or simply switch applications activates the ransomware and locks the phone screen. The use of both functions is an unprecedented tactic.
MalLocker.B is hidden within apps available for download outside the official Google store. As the ransomware contains a very simplistic and eye-catching code to pass the Play Store evaluations.
Protect Yourself
The simplest way to avoid this ransomware is to not download or install third-party apps on your Android device.
A full technical analysis of this new threat is available on the Microsoft blog.
Source: ZDnet
Tags: