Malware News Android Ransomware Just Became a Little Bit More Sophisticated

Exterminator

A previously unsophisticated Android ransomware that locks an Android device's screen has received new updates that make it impossible for security researchers to help victims to unlock their devices.

Android.Lockscreen was a simplistic Android ransomware that appeared in March 2015. For a long period of time, this threat operated by setting a custom PIN code and showing a message on the user's screen, asking him to call a number for technical support.

Users calling this number would be tricked into paying for expensive "technical support" and would then receive the device's new PIN code.

Previous Android.Lockscreen versions could be removed

Security researchers that took a look at this threat soon realized that the ransomware's source code included the PIN code used to lock devices.

For many months, it was easy for security researchers to take a look at the latest Android.Lockscreen samples and extract the PIN code, passing it on to infected victims.

But the crooks caught on to their own mistake, and in recent versions, they changed the mechanism through which they generate the PIN code.

New versions use a pseudo-random PIN code

"Newer variants have eliminated the hardcoded passcode and replaced it with a pseudorandom number," Symantec's Dinesh Venkatesan writes. "Some variants generate a six-digit number and some generate an eight-digit number."

Android.Lockscreen now uses the Java Math.random() function to generate a pseudo-random number, which it sets as the device PIN code.

The ransomware is effective at locking the device only on older Android versions, prior to Google's Nougat release, which included protections to prevent calls for PIN/password resets from other apps, if the PIN was set by a user beforehand.

To prevent losing control over their Android smartphones, users should install apps only from trusted sources, like the Google Play Store, and pay attention to the permissions apps request upon installation. Android.Lockscreen, by the operations it needs to carry out, will require a lot of intrusive permissions, such as the ability to lock the user's screen, change device settings, and overlay messages on top of other apps.
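The permission advice in the article above, as an added example that is not part of the original post or of Symantec's analysis: a small audit of a decoded (plain-text XML) AndroidManifest.xml that reports the three capabilities the article names. The package names, both sample manifests and the "device admin plus overlay" flagging rule are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Capabilities named in the article, mapped to Android manifest markers.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"     # overlay on other apps
SETTINGS = "android.permission.WRITE_SETTINGS"         # change device settings
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"  # lock screen, reset PIN

# Constructed sample: requests all three capabilities.
SAMPLE_SUSPICIOUS = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.locker">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

# Constructed sample: an ordinary app with one unrelated permission.
SAMPLE_BENIGN = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

def audit_manifest(xml_text):
    """Return a sorted list of the article's capabilities found in a manifest."""
    root = ET.fromstring(xml_text)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested.update(e.get(ANDROID_NS + "name") for e in root.iter(tag))
    findings = set()
    if OVERLAY in requested:
        findings.add("overlay")
    if SETTINGS in requested:
        findings.add("write_settings")
    # Device admin is declared as a <receiver> guarded by BIND_DEVICE_ADMIN,
    # not as a uses-permission entry, so it needs a separate check.
    for receiver in root.iter("receiver"):
        if receiver.get(ANDROID_NS + "permission") == DEVICE_ADMIN:
            findings.add("device_admin")
    return sorted(findings)

def is_suspicious(xml_text):
    """Illustrative rule (assumption): device admin combined with overlay."""
    found = audit_manifest(xml_text)
    return "device_admin" in found and "overlay" in found
```

A device-admin receiver alone is also used by legitimate management apps, so treat a hit as a prompt for review rather than a verdict.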
 

CMLew

I always wondered how they would be able to get into the phone?
3rd party external untrusted source (.apk) or in PlayStore hiding gimmickly?

If it's from an unknown external source, shouldn't the phone be set to restrict/block installing unknown source apps?
 
