Android DoubleLocker ransomware changes your phone's PIN and locks down data and device

Written by  Oct 13, 2017

"Setting itself as a default home app – a launcher – is a trick that improves the malware's persistence. Whenever the user clicks on the home button, the ransomware gets activated and the device gets locked again.

Thanks to using the accessibility service, the user doesn't know that they launch malware by hitting Home," Lukáš Štefanko, ESET malware researcher who discovered DoubleLocker, said in a blog.
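As an added illustration (not code from ESET or from the original article), this Python sketch checks a decoded AndroidManifest.xml for the two traits described above appearing together: an activity registered as a home launcher and an accessibility service. The package names and manifests are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.android.com/apk/res/android"
A = "{" + NS + "}"
HOME = "android.intent.category.HOME"
A11Y_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

def names(parent, tag):
    """Collect android:name from every <tag> element under parent."""
    return {el.get(A + "name") for el in parent.iter(tag)}

def audit_manifest(xml_text):
    """Report whether a decoded AndroidManifest.xml declares both traits."""
    app = ET.fromstring(xml_text).find("application")
    if app is None:  # no <application> element: nothing to flag
        return {"launcher": False, "accessibility": False, "flag": False}
    activities = list(app.iter("activity")) + list(app.iter("activity-alias"))
    launcher = any(HOME in names(a, "category") for a in activities)
    accessibility = any(
        s.get(A + "permission") == A11Y_PERMISSION and A11Y_ACTION in names(s, "action")
        for s in app.iter("service"))
    return {"launcher": launcher, "accessibility": accessibility,
            "flag": launcher and accessibility}

# Constructed sample components (not taken from any real package).
HOME_ACTIVITY = """<activity android:name=".Main"><intent-filter>
  <action android:name="android.intent.action.MAIN"/>
  <category android:name="android.intent.category.HOME"/>
  <category android:name="android.intent.category.DEFAULT"/>
</intent-filter></activity>"""
A11Y_SERVICE = """<service android:name=".Helper"
    android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"><intent-filter>
  <action android:name="android.accessibilityservice.AccessibilityService"/>
</intent-filter></service>"""

def manifest(package, *components):
    """Wrap component XML in a minimal manifest for the samples."""
    return ('<manifest xmlns:android="%s" package="%s"><application>%s'
            '</application></manifest>' % (NS, package, "".join(components)))

SAMPLES = {
    "com.example.launcher": manifest("com.example.launcher", HOME_ACTIVITY),
    "com.example.reader": manifest("com.example.reader", A11Y_SERVICE),
    "com.example.both": manifest("com.example.both", HOME_ACTIVITY, A11Y_SERVICE),
}

if __name__ == "__main__":
    for package, xml_text in SAMPLES.items():
        print(package, audit_manifest(xml_text))
```

Legitimate apps can declare both components, so a flagged package is a prompt for manual review rather than a verdict.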

The ransomware changes the infected device's PIN, blocking the victim's access to the device. The changed PIN is nearly impossible for either the victim or security experts to retrieve as the hackers operating DoubleLocker neither store the altered PIN nor send it out. The ransomware also encrypts all data stored in the device using the AES encryption algorithm. "The encryption is implemented properly, which means that, unfortunately, there is no way to recover the files without receiving the encryption key from the attackers," Štefanko said.

DoubleLocker is based on a banking trojan and could become a "ransom-banker", essentially "two-stage malware" that tries to wipe out victims' bank or PayPal accounts and locks the device and data down completely. In other words, victims would be unable to access their data, including bank credentials, unless a ransom payment is made.


"Speculation aside, we spotted a test version of such a ransom-banker in the wild as long ago as May, 2017," Štefanko said.

The hackers operating DoubleLocker are demanding a ransom of 0.0130 bitcoins ($54, £40), which the victim is required to pay up within 24 hours. However, if the ransom payment isn't made within 24 hours, the data is not deleted and instead remains encrypted.

Apart from paying the ransom and obtaining the decryption key from the hackers, the only way victims can clean DoubleLocker off an infected device is to perform a factory reset.

"DoubleLocker serves as just another reason for mobile users to have a quality security solution installed, and to back up their data on a regular basis," Štefanko said.

