WELIVESECURITY.COM - Aggressive android ransomware in USA: Tricks users with adult videos
ESET researchers have discovered the first known Android lock-screen-type ransomware spreading in the wild that sets the phone’s PIN lock.
Malware writers have stepped up their game, and with the new Android ransom-lockers, detected by ESET as Android/Lockerpin.A, users have no effective way of regaining access to their device without root privileges or without some other form of security management solution installed, apart from a factory reset that would also delete all their data.
Moreover, this ransomware also uses a nasty trick to obtain and preserve Device Administrator privileges so as to prevent uninstallation. This is the first case in which we have observed this aggressive method in Android malware.
CLICK HERE TO CONTINUE READING
Unlocking the device
The only way to remove the PIN lock screen without a factory reset is when device is rooted or has a MDM solution capable of resetting the PIN installed. If the device is rooted then the user can connect to the device by ADB and remove the file where the PIN is stored. For this to work, the device needs to have debugging enabled otherwise it’s not possible (Settings -> Developer options -> USB Debugging). User can use the following set of commands to unlock the device:
After running the above commands, the PIN or password lock screen will be removed and the user can get to the device. In some cases, a device reboot is needed.
Conclusion
Fortunately, you can’t download this application from the official Google Play Store. This Trojan can be delivered to users from third party markets, warez forums or torrents. The most effective way to avoid getting infected and being locked out from your device is by proactive preventative measures.
ESET researchers have discovered the first known Android lock-screen-type ransomware spreading in the wild that sets the phone’s PIN lock.
Malware writers have stepped up their game, and with the new Android ransom-lockers, detected by ESET as Android/Lockerpin.A, users have no effective way of regaining access to their device without root privileges or without some other form of security management solution installed, apart from a factory reset that would also delete all their data.
Moreover, this ransomware also uses a nasty trick to obtain and preserve Device Administrator privileges so as to prevent uninstallation. This is the first case in which we have observed this aggressive method in Android malware.
CLICK HERE TO CONTINUE READING
Unlocking the device
The only way to remove the PIN lock screen without a factory reset is when device is rooted or has a MDM solution capable of resetting the PIN installed. If the device is rooted then the user can connect to the device by ADB and remove the file where the PIN is stored. For this to work, the device needs to have debugging enabled otherwise it’s not possible (Settings -> Developer options -> USB Debugging). User can use the following set of commands to unlock the device:
Code:
> adb shell
> su
> rm /data/system/password.keyAfter running the above commands, the PIN or password lock screen will be removed and the user can get to the device. In some cases, a device reboot is needed.
Conclusion
Fortunately, you can’t download this application from the official Google Play Store. This Trojan can be delivered to users from third party markets, warez forums or torrents. The most effective way to avoid getting infected and being locked out from your device is by proactive preventative measures.
