New Android lock-screen-type Ransomware ITW (ESET Research)

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
WELIVESECURITY.COM - Aggressive android ransomware in USA: Tricks users with adult videos

ESET researchers have discovered the first known Android lock-screen-type ransomware spreading in the wild that sets the phone’s PIN lock.

Malware writers have stepped up their game, and with the new Android ransom-lockers, detected by ESET as Android/Lockerpin.A, users have no effective way of regaining access to their device without root privileges or without some other form of security management solution installed, apart from a factory reset that would also delete all their data.

Moreover, this ransomware also uses a nasty trick to obtain and preserve Device Administrator privileges so as to prevent uninstallation. This is the first case in which we have observed this aggressive method in Android malware.

CLICK HERE TO CONTINUE READING

Unlocking the device

The only way to remove the PIN lock screen without a factory reset is when device is rooted or has a MDM solution capable of resetting the PIN installed. If the device is rooted then the user can connect to the device by ADB and remove the file where the PIN is stored. For this to work, the device needs to have debugging enabled otherwise it’s not possible (Settings -> Developer options -> USB Debugging). User can use the following set of commands to unlock the device:

Code:
> adb shell
> su
> rm /data/system/password.key

After running the above commands, the PIN or password lock screen will be removed and the user can get to the device. In some cases, a device reboot is needed.

Conclusion

Fortunately, you can’t download this application from the official Google Play Store. This Trojan can be delivered to users from third party markets, warez forums or torrents. The most effective way to avoid getting infected and being locked out from your device is by proactive preventative measures.
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
Fortunately, you can’t download this application from the official Google Play Store. This Trojan can be delivered to users from third party markets, warez forums or torrents. The most effective way to avoid getting infected and being locked out from your device is by proactive preventative measures.
"proactive preventative measures" aka by installing their software... or well you know, you could also only install trusted apps from the appstore and not any random warez site. :rolleyes:
 

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
"proactive preventative measures" aka by installing their software... or well you know, you could also only install trusted apps from the appstore and not any random warez site. :rolleyes:
If Google were to phase out "Unknown Sources - Allow installation from unknown sources", if may prevent some of these serious Android malware, but you aren't always 100% protected from Apps within the Google Play Store.

Android users can use an Antivirus, but remains optional.
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
If Google were to phase out "Unknown Sources - Allow installation from unknown sources", if may prevent some of these serious Android malware, but you aren't always 100% protected from Apps within the Google Play Store.

Android users can use an Antivirus, but remains optional.
If a user installs apps which require almost all rights it's not Googles fault if you get infected, so in most cases a healthy brain (which the average user lacks) should be enough to keep you safe on the Play Store. I partly agree on the removal of the unknown sources installation option, imo they should hide it in the developer options so your average joe can't easily enable it. :)
 
  • Like
Reactions: Secondmineboy

Anupam

Level 21
Verified
Well-known
Jul 7, 2014
1,017
One guy jumped from a hill and died. That's why I don't like hill at all. Rather I will stay in a bank locker.

-- Kind of same logic who all are saying they do not like Android because of such reason :p
 

Secondmineboy

Level 26
Verified
May 25, 2014
1,559
One guy jumped from a hill and died. That's why I don't like hill at all. Rather I will stay in a bank locker.

-- Kind of same logic who all are saying they do not like Android because of such reason :p

Good point there.

But i will still not like Android HAHA :p
 
  • Like
Reactions: Anupam

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top