A new ransomware is doing the rounds that could affect your Android phone and encrypt all your photos, videos, phone numbers, messages and other data. Worse, the malware locks you out of your phone by changing your screen lock password. The new ransomware, named Double Locker, is said to be based on a banking malware. After encrypting the data and locking you out of the phone, the malware demands money to return control of the device. The ransom must be paid in the cryptocurrency Bitcoin.
What is ransomware?
Ransomware belongs to a distinct class of malware. Malware (malicious software) is a computer program that uses a vulnerability in a system to carry out harmful activities such as stealing data, corrupting system devices, or spreading Trojans further. Ransomware is usually programmed to gain access to a system by exploiting a vulnerability or by tricking the user. It then encrypts all the data in the system and demands a ransom from the user to decrypt the data and return control of the system.
Many readers will be aware of the WannaCry ransomware that caused havoc across the world. The latest one, Double Locker, targets Android devices and spreads disguised as an Adobe Flash Player app. Compared to a Windows system, Android systems are built with security in mind. The Android operating system, which is based on the Linux kernel, will not allow access to any program or code without initial user permission. Several vulnerabilities in the Android OS have been discovered, but the numbers are low compared to Windows and other operating systems.
Because of this comparatively good security architecture, most attackers who build Android malware try to exploit the easiest vulnerability: user ignorance. Attackers try various methods to trick the user into installing the malware with all the system permissions. The Double Locker malware poses as Adobe Flash Player to gain the trust of the user. This is one of the most exploited psychological factors.
Once the user installs it and grants it complete system permission, the malware sets itself as the home application (shown in the picture). So when the user presses the home button, the malware locks the user out, encrypts all the data on the device and then demands money.
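The home-application behaviour described above is visible in an app's manifest before it ever runs. The following is an added example, not code from the original article or from any analysis of the malware: it audits a decoded AndroidManifest.xml for activities that can be chosen as the home screen and combines that with a brand-name label check. The package name, activity names, watch list and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
WATCHED_LABELS = ("adobe flash player",)  # assumption: brand names worth flagging

# Constructed sample: decoded manifest of a hypothetical app, not a real sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashupdate">
  <application android:label="Adobe Flash Player">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".LockActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.HOME"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

def home_activities(root):
    """Names of activities whose intent filter offers them as the home screen."""
    found = []
    for act in list(root.iter("activity")) + list(root.iter("activity-alias")):
        for flt in act.findall("intent-filter"):
            actions = {a.get(A + "name") for a in flt.findall("action")}
            cats = {c.get(A + "name") for c in flt.findall("category")}
            if ("android.intent.action.MAIN" in actions
                    and "android.intent.category.HOME" in cats):
                found.append(act.get(A + "name"))
                break  # one matching filter is enough for this activity
    return found

def audit_manifest(xml_text):
    """Flag an app that can become the home app while using a watched brand label."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    # Labels are often @string/ references; resolve them before calling this.
    label = app.get(A + "label", "") if app is not None else ""
    homes = home_activities(root)
    branded = any(b in label.lower() for b in WATCHED_LABELS)
    return {"package": root.get("package"), "label": label,
            "home_activities": homes, "suspicious": bool(homes) and branded}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A legitimate launcher also declares the HOME category, so the home-screen finding is a triage signal to weigh together with the app's label and where it was installed from, not a verdict on its own.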
How do you stay safe from this malware?
Be careful when clicking links and installing any app resembling Adobe Flash Player. To make sure you are installing the actual Adobe app, install it from the Google app store, as these kinds of malware apps are not allowed there. But beware: the attackers could switch the malware's appearance to resemble some other trusted brand.
Any application with complete system access can be made to carry out any illegal activity. Hence users ought to be careful with app permissions when installing apps. Apps like Double Locker, if embedded with a reverse TCP shell, could be made to perform other harmful functions after infecting a phone. So far, however, it doesn't seem to be making a reverse TCP connection.