DoubleLocker: Android ransomware changes the smartphone’s PIN

New malware is spreading among Android devices, and it can lock the device by abusing accessibility services.

The ransomware was discovered by researchers at ESET, who detect it as Android/DoubleLocker. Although it is not programmed to steal banking credentials, it is based on the banking trojan Android.BankBot.211.origin.

So there is no risk to our money, but the malware can encrypt data and, above all, change the phone's PIN, preventing us from accessing the device.

“Considering its kind of banking malware, DoubleLocker could easily become what we can call a ransom-banker,” explains Lukáš Štefanko of ESET. “A two-step malware that first attempts to clear your bank account or PayPal account and then locks your device and your data to request a ransom … Separate specs, as early as May 2017, we identified a test version of a ransom-banker in the wild.”

DoubleLocker is distributed as a fake Adobe Flash Player. The malware asks for accessibility permissions, which it uses to obtain admin rights and set itself as the default Home app. Thus, whenever the unsuspecting user presses the Home button, the ransomware is activated and locks the device.
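A static triage check for the combination described above, as an added example that is not from ESET or the original article: it parses a decoded AndroidManifest.xml (the text form a tool such as apktool produces) and flags an app that declares an accessibility service, a device admin receiver and a Home activity together. The sample manifest, package name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
DOUBLELOCKER_STYLE = {"accessibility_service", "device_admin", "home_launcher"}

# Constructed sample manifest (not taken from a real APK).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeplayer">
  <application android:label="Flash Player">
    <service android:name=".Svc"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Adm"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <activity android:name=".Home">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.HOME"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

def manifest_traits(manifest_xml):
    """Return which of the three capabilities the manifest declares."""
    root = ET.fromstring(manifest_xml)
    traits = set()
    # A service bound by the system as an accessibility service.
    for svc in root.iter("service"):
        if svc.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            traits.add("accessibility_service")
    # A receiver that can be activated as a device administrator.
    for rcv in root.iter("receiver"):
        if rcv.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            traits.add("device_admin")
    # An activity (or alias) that can be chosen as the Home app.
    for tag in ("activity", "activity-alias"):
        for comp in root.iter(tag):
            for cat in comp.iter("category"):
                if cat.get(A + "name") == "android.intent.category.HOME":
                    traits.add("home_launcher")
    return traits

def is_suspicious(manifest_xml):
    """True only when all three capabilities appear in the same app."""
    return manifest_traits(manifest_xml) >= DOUBLELOCKER_STYLE
```

Each capability is legitimate on its own (launchers, screen readers, MDM agents), so the check only fires on the full combination and is a prompt for manual review, not a verdict.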

The new PIN cannot be retrieved by the user in any way, except after payment of a ransom of 0.0130 bitcoins, equivalent to approximately $54 (provided it is paid within 24 hours of the request!). DoubleLocker then encrypts the files in the root directory using the AES encryption algorithm, adding the .cryeye extension.

“Without [the software], you will no longer be able to retrieve your original files,” the ransom note states, in case the user attempts to remove the ransomware.

How to remove the malware? ESET recommends that owners of non-rooted smartphones who have a solution that resets the PIN restore factory settings. If your device is rooted, you can connect to the smartphone via ADB and remove the file where the PIN is saved. Obviously, you must have USB debug mode enabled.

Finally, you will need to revoke the malware's administrator rights and then uninstall it.

About author
Professional writer with more than 7 years of experience. Joseph has worked as a content creator and editor on different web pages. He has been coordinator and content manager in various editorial teams. He also has extensive experience in SEO and digital marketing.