Malware News Android Ransomware Gets Around Auto-Start Restrictions by Hiding as Launcher App

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Mobile malware authors have come up with a new trick that helps Android.Lockscreen, a ransomware strain that targets Google's mobile OS, to start automatically whenever the user reboots his device.

Android ransomware is not as advanced as its Windows counterpart. Most of today's Android ransomware families lack the capability to encrypt user files, which greatly hinders their ability to extort users.

Android.Lockscreen is one of the most effective ransomware families because it locks the user's screen with a random PIN number.

Launcher apps allow malware to gain auto-start privileges
Security researchers from Symantec revealed today a new tactic in Android.Lockscreen's operations, which now disguises its malicious code inside a "launcher app."

Launchers are part of the Android OS responsible for managing some parts of the user interface. Because of this, these apps are launched automatically whenever the OS restarts.

Because Google limited app auto-start capabilities since Android 3.1, the only way a malware author can get auto-start privileges is if he disguises his malware as a launcher app. The reason why most don't is because very few Android users know what launcher apps are, let alone use them.

This is just another Android.Lockscreen variation, which explores a novel method of infecting its users.

Ransomware disguising as generic "Android" launcher app
After installing the malicious launcher app, every time users will press the Home button, a popup will appear listing all the launcher apps, and asking which one the user wants to use.

Symantec says it detected Android.Lockscreen hiding behind a launcher app that used the generic "Android" name.

"Users can prevent the malware from running by carefully selecting the default Android launcher, or any other legitimate launcher that they may have installed, and choosing 'Always' instead of 'Just Once'," the Symantec team recommends.

If you find yourself infected with something Android.Lockscreen, but have yet to use the launcher app, go to your phone's Apps section and uninstall the app ASAP.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top