DoubleLocker is a dangerous, yet innovative Android ransomware that changes the unlock code on your device

The DoubleLocker malware replaces the default home button functionality. The malware is triggered when the user taps on the home button.


DoubleLocker is an Android ransomware that changes the PIN or access code of the device and encrypts all the data. It is the first malware detected that both encrypts user data and changes the access code. The attackers demand a bitcoin payment that must be made within 24 hours. The only way to get rid of the malware is to perform a complete factory reset of the device.


Lukas Stefanko, a security researcher from ESET who discovered the malware, says, "Given its banking malware roots, DoubleLocker may well be turned into what could be called ransom-bankers. Two-stage malware that first tries to wipe your bank or PayPal account and subsequently locks your device and data to request a ransom… Speculation aside, we spotted a test version of such a ransom-banker in the wild as long ago as May, 2017."

The attack vector is a fake Adobe Flash Player plugin. Once the user is tricked into installing the software, the DoubleLocker malware replaces the default home button functionality, so the malware is triggered whenever the user taps the home button. Replacing the default home button functionality is also how DoubleLocker stays persistent on the device. The changed PIN is a randomly generated number that is not stored or sent to the attackers. This makes it impossible for users or even security researchers to recover the PIN. The attackers can remotely reset the PIN on the device.

The files on the device are encrypted using the AES encryption algorithm, and it is not possible for users to recover their data without making the ransom payment and receiving the decryption key from the attackers. After the narrow window of 24 hours, the data will remain in a permanently encrypted state. According to the researchers at ESET, any capable cyber security solution for Android should prevent the device from getting compromised by DoubleLocker.

In 2017, ransomware has emerged as the biggest global cybersecurity threat.
