DoubleLocker Android Ransomware Changes Device PIN, Attempts To Drain Bank Accounts


Cybercriminals have developed a new form of Android ransomware that gives victims added incentive to pay up. In addition to scrambling the user's data with an AES encryption algorithm, the new ransomware replaces an infected device's personal identification number (PIN) with one that is randomly generated, effectively locking the rightful owner out. Once the ransom is paid, the attacker can remotely reset the PIN and unlock the device.

ESET, a security firm that offers antivirus solutions for both desktop and mobile devices, discovered the new ransomware and dubbed it DoubleLocker, since it locks users out of accessing their data in two ways.

"Given its banking malware roots, DoubleLocker may well be turned into what could be called ransom-bankers. Two-stage malware that first tries to wipe your bank or PayPal account and subsequently locks your device and data to request a ransom… Speculation aside, we spotted a test version of such a ransom-banker in the wild as long ago as May, 2017," said Lukáš Štefanko, the ESET malware researcher who discovered DoubleLocker.

As always, safe computing habits are the best bet against falling prey to something like this. DoubleLocker spreads the same way its banking parent does: it is mostly distributed as a fake Adobe Flash Player through a compromised website. While a user might easily be duped by visiting a legitimate website that has been hacked, avoiding the shadier corners of the web lessens the chance of this happening.

The crooks behind this ransomware have set the ransom at 0.130 Bitcoin, worth approximately $54, with a message telling the user he or she has 24 hours to pay up. However, unlike some forms of ransomware that permanently delete data after a set period of time, nothing happens in this case after 24 hours: the data is still on the device, albeit still encrypted.

Users who have rooted devices can sidestep the ransomware by factory resetting their device, assuming the device was in debugging mode before the ransomware was activated. However, a factory reset also means losing any and all data that was stored on the device.