Home Cyber Security Now, an Android ransomware that activates when you get a call, press...

Now, an Android ransomware that activates when you get a call, press Home

MalLocker.B is strong enough to elude protections and registers a low detection rate, warn researchers from Microsoft.

Researchers from Microsoft have spotted a latest strain of Android ransomware that abuses the mechanisms behind the ‘incoming call’ notification as well as the ‘Home’ button to lock the screen on a device. This new form, called MalLocker.B, also manages to elude many available protections, registering a low detection rate against security solutions.

Like other Android ransomware, MalLocker.B doesn’t encrypt the files on the device but just
impedes access to the phone.
“The mobile ransomware, detected by Microsoft Defender for Endpoint as AndroidOS/MalLocker.B, is the latest variant of a ransomware family that’s been in the wild for a while but has been evolving non-stop,” read Microsoft’s research.

“This ransomware family is known for being hosted on arbitrary websites and circulated on
online forums using various social engineering lures, including masquerading as popular apps, cracked games, or video players,” added researchers.

The actual mechanism implemented by the MalLocker.B ransomware to display the ransom
note is made of two parts: the first abuses the call notification and the second abuses the
‘onUserLeaveHint()’ function, which is activated when users want to push an app into the
background and switch to a new app.

In case of the call feature, the ransomware shows a window covering the entire screen of the device. The one that is triggered by the home touching the home button, prevents people from leaving a ransom note for the home screen or another app.

The researchers believe the malware is exceptionally advanced with distinctive characteristics and behavior. It manages to evade many available protections, registering a low detection rate.
This new threat doesn’t actually block access to files by encrypting them, rather blocks access to devices by displaying a screen that appears over every window. This screen is the ransom note, which contains threats and instructions to pay the ransom.
In the past, Android ransomware used a special permission called ‘SYSTEM_ALERT_WINDOW’ to display their ransom note. The notification was intended to be used for system alerts or errors.
Android threats misused it to force the attacker-controlled user interface to fully occupy the
screen, blocking access to the device. Attackers persuade users to pay the ransom so they can gain access to the device.
To save your device from MalLocker.B and similar malware, users are advised to avoid installing Android apps from third-party stores or forums.


Please enter your comment!
Please enter your name here

Most Popular

Jailbreaking used Teslas picks up as firm removes paid-for features remotely

Tesla buyers, who are tired of complaining about the company’s software update revoking features they have availed for years now, are now turning to...

Google finds new Windows zero-day bug

A zero-day bug in Windows 7 and 10 is actively exploiting the vulnerabilities in the older versions of the operating system, revealed Google in...

Samsung launches SmartThings Find to locate lost devices

Samsung has launched SmartThings Find service to help users locate Galaxy devices in case of theft or misplacement. The app can help you locate not...

Smartphones launching in November 2020

October 2020, better known as Techtober in the smartphone industry for its avalanche of launches, is at its close. However, that’s not going to...

Recent Comments