*New Android Ransomware on the Rise: Meet MalLocker.B!*
Today, almost everyone has a smartphone. Smartphone manufacturers and OS vendors play a vital role in enhancing the user experience by providing timely privacy and security updates, yet hackers always try to find loopholes and exploit vulnerabilities to create havoc. Security researchers have identified a new Android-based ransomware that locks users out of their devices and demands a ransom to unlock them.
Researchers state that this ransomware abuses the built-in mechanisms behind the “incoming call” notification and the “Home” button to lock users out of their devices. The ransomware is named “AndroidOS/MalLocker.B” and is hidden inside suspicious and malicious Android apps offered on online forums and third-party websites. The ransomware does not encrypt the user's files; it simply locks the user out of the device. Once it is installed, the user is locked out and a ransom note appears that the user cannot dismiss.
The ransomware poses as a fake police fine. Various functions of the Android OS are abused or exploited. Past techniques included abusing the System Alert window or disabling the functions that interface with the phone’s physical buttons. Further investigation revealed that this Android-based ransomware comes with new techniques. A two-part mechanism is used to display the ransom note: the first part abuses the “Call” notification, while the second part abuses the “onUserLeaveHint()” function. This function is called when users quickly swap applications or when they push an app into the background and switch to a new app. The ransomware triggers when the user presses a button such as Home or Recents.
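A static triage check for the two-part mechanism described above, added here as an example and not taken from the researchers' analysis or any vendor tool: it scans decompiled Java sources for a call-category notification with a full-screen intent together with an onUserLeaveHint() override that starts an activity. The sample sources, the file names, the `enterPip()` helper, and the assumption that the abuse shows up as a `startActivity()` call inside the callback are constructed for illustration.

```python
import re

# Constructed, decompiled-style Java sources for two hypothetical apps.
LOCKER = {
    "NoteService.java": 'b.setCategory("call"); b.setFullScreenIntent(pi, true);',
    "NoteActivity.java": """
        protected void onUserLeaveHint() {
            super.onUserLeaveHint();
            startActivity(new Intent(this, NoteActivity.class));
        }""",
}
DIALER = {  # a legitimate dialer also uses the call category, so one hit is not enough
    "Ringer.java": "b.setCategory(Notification.CATEGORY_CALL); b.setFullScreenIntent(pi, true);",
    "CallActivity.java": "protected void onUserLeaveHint() { if (video) { enterPip(); } }",
}

CALL_CATEGORY = re.compile(r'setCategory\(\s*("call"|\w*\.?CATEGORY_CALL)\s*\)')
FULL_SCREEN = re.compile(r"\bsetFullScreenIntent\s*\(")
LEAVE_HINT = re.compile(r"\bvoid\s+onUserLeaveHint\s*\(\s*\)\s*\{")
STARTS_ACTIVITY = re.compile(r"\bstartActivity\s*\(")  # assumed form of the abuse


def method_body(src, open_brace):
    """Return the text between the brace at open_brace and its matching brace."""
    depth = 0
    for i in range(open_brace, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_brace + 1:i]
    return src[open_brace + 1:]  # truncated decompiler output: take what is there


def triage(sources):
    """Map each indicator to the files showing it, plus an app-level verdict."""
    hits = {"call_fullscreen_notification": [], "leave_hint_starts_activity": []}
    for name, src in sources.items():
        if CALL_CATEGORY.search(src) and FULL_SCREEN.search(src):
            hits["call_fullscreen_notification"].append(name)
        for m in LEAVE_HINT.finditer(src):
            if STARTS_ACTIVITY.search(method_body(src, m.end() - 1)):
                hits["leave_hint_starts_activity"].append(name)
    # Only the combination of both parts is worth an analyst's time.
    hits["verdict"] = "review" if all(hits.values()) else "no match"
    return hits
```

A "review" verdict is a prompt for manual analysis of the flagged files, not a conviction; string literals containing braces can mislead the simple brace matcher.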
Similar ransomware was discovered in 2017 as well: DoubleLocker abused the accessibility service.
1. Do not install third-party applications from outside the Google Play Store.
2. Do not click on suspicious links and URLs. They may be embedded with malicious programs that could infect your device.
3. Use good anti-virus software such as Kaspersky, Microsoft Defender, Symantec and others.
Cyber Security Analyst, Security Research Group, Mindtree.