DoubleLocker is a dangerous, yet innovative Android ransomware that changes the unlock code on your device

The DoubleLocker malware replaces the default home button functionality. The malware is triggered when the user taps on the home button.

DoubleLocker is Android ransomware that changes the PIN or access code of the device and encrypts all the data on it. It is the first malware detected that both encrypts user data and changes the access code. The attackers demand a bitcoin payment that must be made within 24 hours. The only way to get rid of the malware is to perform a complete factory reset of the device.


Lukas Stefanko, a security researcher from ESET who discovered the malware, says, "Given its banking malware roots, DoubleLocker may well be turned into what could be called ransom-bankers. Two-stage malware that first tries to wipe your bank or PayPal account and subsequently locks your device and data to request a ransom… Speculation aside, we spotted a test version of such a ransom-banker in the wild as long ago as May, 2017."

The attack vector is a fake Adobe Flash Player plugin. Once the user is tricked into installing the software, the DoubleLocker malware replaces the default home button functionality, and the malware is triggered whenever the user taps the home button. Replacing the default home button functionality is also how DoubleLocker stays persistent on the device. The changed PIN is a randomly generated number that is not stored or sent to the attackers, which makes it impossible for users or even security researchers to recover the PIN. The attackers can, however, remotely reset the PIN on the device.

The files on the device are encrypted using the AES encryption algorithm, and it is not possible for users to recover their data without making the ransom payment and receiving the decryption key from the attackers. After the narrow window of 24 hours, the data will remain in a permanently encrypted state. According to the researchers at ESET, any capable cyber security solution for Android should prevent the device from getting compromised by DoubleLocker.

In 2017, ransomware has emerged as the biggest global cybersecurity threat.
