A new form of ransomware that targets Android phones has been discovered in the wild. Named DoubleLocker by researchers at ESET, this new variant of ransomware has the ability to encrypt a user’s data and change their PIN, making the phone nearly unrecoverable.
Like many forms of malware on PC, DoubleLocker relies on phishing scams and popup messages to trick users into installing it. Currently, DoubleLocker is propagating through fake notices about updates to the phone’s Flash Player. If a user accepts the notice, the application will request access to the phone’s Accessibility service, a series of features designed to help users with disabilities. Once this is turned on, DoubleLocker is free to access all of the device’s settings and even grant itself admin rights.
DoubleLocker sets itself apart from most mobile device ransomware in that it uses two methods to prevent users from regaining access to the device. First, DoubleLocker will encrypt all of the files on the infected device. Second, DoubleLocker will reset the user’s PIN and assign a new access code at random. This is particularly problematic because the ransomware does not store the new PIN within itself, meaning it is completely unrecoverable. Instead, if a user gives in to the ransom demands, the attacker will once again reset the PIN remotely. As an added annoyance and reminder that you have been infected, DoubleLocker sets itself as the default home application. This means that every time a user presses the home button on the phone, the malware is activated.
Once a device is locked by DoubleLocker, the attacker demands that the user pay 0.0130 Bitcoins, which is approximately $73. Compared to ransomware targeted at PCs, this number is significantly lower, probably because the attacker thinks people will be more likely to pay the smaller sum. Users will have 24 hours in which to act, after which their files will be permanently encrypted.
Unfortunately, there are very few methods for recovering a phone infected with DoubleLocker. The only surefire method is to initiate a factory reset of the device, which will in turn delete all of the data stored on the device. The best defense against ransomware on phones is to be aware of the dangers of using third-party apps. Users should only use verified apps from trusted sources, such as the official Google Play Store. Additionally, just as with PC data protection, users should regularly back up any important data on their phone to a secure location.
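
The three privileges described above (an enabled Accessibility service, admin rights, and the default home application) are an unusual combination for one app to hold. The following is an added example, not code from ESET or the original article: a small triage helper that flags any untrusted package holding two or more of them. It assumes the Accessibility value is the colon-separated string returned by `settings get secure enabled_accessibility_services`, and that the admin list and home component were collected separately by the analyst; all package names are constructed.

```python
# Added example: triage of app privileges matching the pattern in the article.
# All package names below are constructed sample data.

ROLES = ("accessibility", "device_admin", "home")


def package_of(component: str) -> str:
    """Return the package part of a flattened component name 'pkg/cls'."""
    return component.strip().split("/", 1)[0]


def parse_accessibility(setting: str) -> set:
    """Parse the colon-separated enabled_accessibility_services value."""
    if not setting or setting.strip() in ("", "null"):  # unset reads as "null"
        return set()
    return {package_of(c) for c in setting.split(":") if c.strip()}


def triage(accessibility_setting, device_admins, home_component, trusted=frozenset()):
    """Map each untrusted package holding 2+ of the three roles to its roles."""
    holders = {
        "accessibility": parse_accessibility(accessibility_setting),
        "device_admin": {package_of(c) for c in device_admins},
        "home": {package_of(home_component)} if home_component else set(),
    }
    findings = {}
    for pkg in sorted(set().union(*holders.values()) - set(trusted)):
        roles = [r for r in ROLES if pkg in holders[r]]
        if len(roles) >= 2:  # one role alone is common for legitimate apps
            findings[pkg] = roles
    return findings


# Constructed sample: a screen reader, a device locator, and a fake updater.
SAMPLE_ACCESSIBILITY = (
    "com.example.screenreader/.ReaderService:"
    "com.example.flashupdate/.HelperService"
)
SAMPLE_ADMINS = ["com.example.findmydevice/.AdminReceiver",
                 "com.example.flashupdate/.AdminReceiver"]
SAMPLE_HOME = "com.example.flashupdate/.MainActivity"

if __name__ == "__main__":
    for pkg, roles in triage(SAMPLE_ACCESSIBILITY, SAMPLE_ADMINS, SAMPLE_HOME).items():
        print(pkg, "holds:", ", ".join(roles))
```
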