Malware developers have been forced to code more advanced software as security measures evolve and people become more educated. They need to be a little more tricky now, and the bad news is these attackers are not really falling behind the big corporations that try to protect us. Ransomware has become especially advanced, and one is currently spreading across America.
Let’s start by telling you what ransomware is. This specific kind of malware aims to take money from users by fooling them into willingly paying certain amounts of cash. In this case it would be $500, which is a significant amount of money. It’s also an Android LockScreen Trojan, which means it can lock users out of their devices.
This ESET-discovered malware goes by the name of Android/Lockerpin.A, and it is quite a nasty bug. After successful infection, the software will try to fool you into granting it Device Administrator rights. The trick here is that it does it in very sneaky ways.
In this case, the administrator privilege page is overlaid with a fake window that claims to be a patch update. Of course, inexperienced users may fall for this and press continue, which would be very bad news. The device is now infected and this software has Administrator rights over your phone. It can even change your PIN number and lock you out of your smartphone.
After some time, affected users will be presented with a window containing a fake “FBI” message that claims the user has been viewing prohibited pornographic material. It also mentions he/she should pay a $500 fine for being involved in these “criminal activities”.
Try to leave this message and the screen will be locked. At this point, the user can still uninstall Android/Lockerpin.A, but only through Safe Mode or ADB. You are out of luck once ransom activity has commenced, though, as a randomly generated PIN number will be put in place and take away your access to the phone.
Not even the attacker can unlock the phone at this point. The only way to recover access is to perform a factory data reset. Sure, it may be annoying to have to go through that process, but it’s honestly what I would recommend you do if you are infected, anyways.
The crazy part is that the ransomware even has some defense mechanisms built in. For example, if you try to disable Device Administrator rights for Android/Lockerpin.A, the software will simply reactivate them. In addition, this Trojan also tries to kill anti-virus processes from ESET, Avast and Dr. Web.
You don’t want to run across this thing, but most people need not worry. The dangerous ransomware is nowhere to be found on the Google Play Store (at least not yet). The only way to get infected is by grabbing infected apps from other sources. Those who stick to Google’s official app store will be safe.
If you do have a tendency to download apps from other places, make sure the source is reliable. As I have always said – the best virus protection is smart tech habits.
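A check that ties together two points above, Device Administrator rights and apps installed from outside Google Play, added here as an example and not taken from ESET or from the original article: it parses the output of `adb shell dumpsys device_policy` and `adb shell pm list packages -i -3` and lists third-party device admins that were not installed by the Play Store. The sample text is constructed, the package names are hypothetical, and the dumpsys layout is an assumption that varies between Android versions.

```python
import re

# Assumption: the Google Play Store is the only installer treated as trusted.
TRUSTED_INSTALLERS = {"com.android.vending"}
ADMIN_RE = re.compile(r"^\s+([A-Za-z0-9_.]+)/[A-Za-z0-9_.$]+:\s*$")
PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def active_admin_packages(dumpsys_text):
    """Package names listed under 'Enabled Device Admins' in dumpsys device_policy."""
    admins, section_indent = [], None
    for line in dumpsys_text.splitlines():
        indent = len(line) - len(line.lstrip())
        if "Enabled Device Admins" in line:
            section_indent = indent          # start of a per-user admin section
        elif section_indent is not None and line.strip():
            if indent <= section_indent:     # dedent: the section has ended
                section_indent = None
            else:
                m = ADMIN_RE.match(line)     # "<package>/<receiver class>:" entries
                if m and m.group(1) not in admins:
                    admins.append(m.group(1))
    return admins

def third_party_installers(pm_text):
    """Map package -> installer from `pm list packages -i -3` output."""
    matches = (PKG_RE.match(l.strip()) for l in pm_text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def suspect_admins(dumpsys_text, pm_text):
    """Third-party device admins whose installer is not a trusted store."""
    installers = third_party_installers(pm_text)
    return [(p, installers[p]) for p in active_admin_packages(dumpsys_text)
            if p in installers and installers[p] not in TRUSTED_INSTALLERS]

# Constructed sample output (not captured from a real device).
SAMPLE_DUMPSYS = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0):
    com.google.android.gms/com.google.android.gms.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10009
    com.example.patchupdate/com.example.patchupdate.AdminReceiver:
      uid=10123
"""
SAMPLE_PM = """\
package:com.example.patchupdate  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    print(suspect_admins(SAMPLE_DUMPSYS, SAMPLE_PM))
```

Preinstalled system apps do not appear in the `-3` listing, so built-in device admins are skipped rather than flagged.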
Have any of you encountered anything like this? It seems like 77% of infected users are in the USA, so we best watch out. Stay alert and don’t trust everything that’s online!