Malware Alert Android DoubleLocker Ransomware Activates Every Time You Hit Home Button

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

frogboy

Level 61
Verified
Jun 9, 2013
6,400
66,940
Operating System
Windows 10
Installed Antivirus
Emsisoft
#1
A new ransomware targeting Android devices has been spotted in the wild. Codenamed DoubleLocker, the ransomware abuses Android's Accessibility service and reactivates itself every time the user presses the phone's Home button.

This particular ransomware strain has connections to the infamous Svpeng Android banking trojan, one of the oldest and most "innovative" Android malware strains.

Across years, Svpeng was the first Android banking trojan to:

⇾ Steal money from people's bank accounts via SMS-based account management services [source]
⇾ Overlay fake login screens on top of legitimate banking apps [source]
⇾ Change PINs, block devices, and ask for ransom (first banking trojan to add ransomware-like features) [source, source]
DoubleLocker is based on Svpeng banking trojan code
ESET researcher Lukas Stefanko, who analyzed DoubleLocker, says the ransomware is based on code taken from the Svpeng banking trojan, and more specifically, the code needed to lock devices and encrypt files. Svpeng's normal banking-fraud-related code has not been included in DoubleLocker, at least for now.

Compared to other Android ransomware strains, DoubleLocker is also more sophisticated. For starters, it is the first Android ransomware to abuse Android's Accessibility service to gain admin rights. This is a well-known attack vector for Android devices.

Full Article. Android DoubleLocker Ransomware Activates Every Time You Hit Home Button