Malware Alert Android DoubleLocker Ransomware Activates Every Time You Hit Home Button

Discussion in 'Security News' started by frogboy, Oct 13, 2017.

  1. frogboy

    A new ransomware targeting Android devices has been spotted in the wild. Codenamed DoubleLocker, the ransomware abuses Android's Accessibility service and reactivates itself every time the user presses the phone's Home button.

    This particular ransomware strain has connections to the infamous Svpeng Android banking trojan, one of the oldest and most "innovative" Android malware strains.

    Over the years, Svpeng was the first Android banking trojan to:

    ⇾ Steal money from people's bank accounts via SMS-based account management services [source]
    ⇾ Overlay fake login screens on top of legitimate banking apps [source]
    ⇾ Change PINs, block devices, and ask for ransom (first banking trojan to add ransomware-like features) [source, source]

    DoubleLocker is based on Svpeng banking trojan code

    ESET researcher Lukas Stefanko, who analyzed DoubleLocker, says the ransomware is based on code taken from the Svpeng banking trojan, and more specifically, the code needed to lock devices and encrypt files. Svpeng's normal banking-fraud-related code has not been included in DoubleLocker, at least for now.

    Compared to other Android ransomware strains, DoubleLocker is also more sophisticated. For starters, it is the first Android ransomware to abuse Android's Accessibility service to gain admin rights. This is a well-known attack vector for Android devices.

    Full Article. Android DoubleLocker Ransomware Activates Every Time You Hit Home Button
     
  2. Jake Miguel

    Are there any Android devices hit yet?
     
  3. Jake Miguel

  4. vemn

    Thanks for sharing, @frogboy.
    Next question is... any sample =)
     