Researchers from the security software company ESET found the first type of ransomware (a threat that demands a ransom to free files) that locks the screen of the devices it infects.
Lockerpin, as it is named, changes the password used to access the device, rendering it unusable for the user.
In the past, malware of this type put a ransom screen in the foreground, but with various commands any expert could return control of the phone to the user.
"Unfortunately, malware authors have redoubled their efforts, and with their new Android screen-locking ransomware users no longer have an effective way to regain access to their devices without root privileges or without a security management solution installed. They also have to restore the factory settings, which clears all their data," ESET said.
Lockerpin employs a tactic to preserve its device administrator privileges, removing the control the user could otherwise exercise to delete unwanted content. "This is the first case where we saw this very aggressive approach in Android malware," said the company.
This Trojan uses social engineering techniques to trick users into installing it. The ransomware pretends to be an adult video or a mobile application for viewing pornographic videos. In all observed cases, the application is called Porn Droid.
After installation, the malware attempts to gain device administrator privileges to make itself more difficult to remove. It succeeds because users often do not read the requirements of the apps they install.
However, in more recent versions, the Trojan obtains device administrator rights in a much more covert way. The activation window is covered by a malicious window of the Trojan that poses as the "installation of an update patch".
When the victim clicks through this harmless-looking installation, they also unknowingly activate device administrator privileges in the hidden window underneath.
Once the user clicks the button, the device is already doomed: the Trojan application has silently obtained administrator rights and can now lock the device and, what is worse, set a new PIN for the lock screen.
Not long after, it prompts the user to pay a ransom of US$500 for allegedly viewing and saving prohibited pornographic material.
When this false alert appears, the screen is locked in the typical way of screen-locking Trojans for Android. The user can now uninstall Android/Lockerpin.A either by entering safe mode or by using Android Debug Bridge (ADB).
The problem is that, once the PIN has been reset, neither the owner nor the attacker can unlock the device, because the PIN is generated randomly and is not sent to the attacker. The only practical way to unlock it is to restore the factory settings.
ESET said antimalware solutions are able to detect the new threat. The security company published on the web solutions for those who have suffered a Lockerpin installation.
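Because Lockerpin depends on holding device administrator rights, a useful check on a device that is still reachable over ADB is to review which apps are active device admins and which of them may lock the screen or reset the PIN. The script below is an added example, not ESET's tooling: it parses text in the style of `adb shell dumpsys device_policy`, using a constructed sample with illustrative package names and a hand-maintained allowlist (both assumptions); the exact dump layout varies between Android versions.

```python
import re

# Constructed sample in the style of `adb shell dumpsys device_policy` output;
# not captured from a real device, and both package names are illustrative.
SAMPLE_DUMP = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.example.mdm/.AdminReceiver:
      uid=10012
      policies:
        wipe-data
        force-lock
    com.example.videoplayer/.AdminReceiver:
      uid=10187
      policies:
        limit-password
        reset-password
        force-lock
"""

ALLOWLIST = {"com.example.mdm"}  # assumption: admins the owner knowingly enabled
LOCK_POLICIES = {"reset-password", "force-lock"}  # can set a PIN / lock the screen

ADMIN_RE = re.compile(r"^\s+([\w.]+)/([\w.$]+):\s*$")   # "pkg/.Receiver:"
POLICY_RE = re.compile(r"^\s+([a-z]+(?:-[a-z]+)+)\s*$")  # "reset-password"

def active_admins(dump):
    """Map each active device-admin package to the policies it holds."""
    admins, current = {}, None
    for line in dump.splitlines():
        admin = ADMIN_RE.match(line)
        if admin:
            current = admins.setdefault(admin.group(1), set())
            continue
        policy = POLICY_RE.match(line)
        if policy and current is not None:
            current.add(policy.group(1))
    return admins

def suspicious_admins(dump, allowlist=ALLOWLIST):
    """Admins outside the allowlist that hold lock or PIN-reset policies."""
    return {pkg: sorted(pols & LOCK_POLICIES)
            for pkg, pols in active_admins(dump).items()
            if pkg not in allowlist and pols & LOCK_POLICIES}

if __name__ == "__main__":
    for pkg, pols in suspicious_admins(SAMPLE_DUMP).items():
        print(f"review device admin {pkg}: {', '.join(pols)}")
```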