
Now, an Android ransomware that activates when you get a call, press Home

MalLocker.B is strong enough to elude protections and registers a low detection rate, warn researchers from Microsoft.

Researchers from Microsoft have spotted a new strain of Android ransomware that abuses the mechanisms behind the ‘incoming call’ notification as well as the ‘Home’ button to lock the screen on a device. This new form, called MalLocker.B, also manages to elude many available protections, registering a low detection rate against security solutions.

Like other Android ransomware, MalLocker.B doesn’t encrypt the files on the device but just impedes access to the phone.

“The mobile ransomware, detected by Microsoft Defender for Endpoint as AndroidOS/MalLocker.B, is the latest variant of a ransomware family that’s been in the wild for a while but has been evolving non-stop,” read Microsoft’s research.

“This ransomware family is known for being hosted on arbitrary websites and circulated on online forums using various social engineering lures, including masquerading as popular apps, cracked games, or video players,” added researchers.

The mechanism MalLocker.B uses to display the ransom note has two parts: the first abuses the call notification, and the second abuses the ‘onUserLeaveHint()’ function, which is activated when users want to push an app into the background and switch to a new app.

In the case of the call feature, the ransomware shows a window covering the entire screen of the device. The part that is triggered by pressing the Home button prevents users from leaving the ransom note for the home screen or another app.

The researchers believe the malware is exceptionally advanced, with distinctive characteristics and behavior. It manages to evade many available protections, registering a low detection rate.

This new threat doesn’t actually block access to files by encrypting them; instead, it blocks access to the device by displaying a screen that appears over every window. This screen is the ransom note, which contains threats and instructions to pay the ransom.

In the past, Android ransomware used a special permission called ‘SYSTEM_ALERT_WINDOW’ to display its ransom note. The notification was intended to be used for system alerts or errors, but Android threats misused it to force the attacker-controlled user interface to fully occupy the screen, blocking access to the device. Attackers persuade users to pay the ransom so they can regain access to the device.

To protect devices from MalLocker.B and similar malware, users are advised to avoid installing Android apps from third-party stores or forums.
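
The indicators named above (the ‘SYSTEM_ALERT_WINDOW’ permission, an ‘onUserLeaveHint()’ override and the call notification) can be combined into a static triage pass over a decompiled APK. The following is an added example, not code from Microsoft’s research; the patterns used for the call notification (a call-category notification with a full-screen intent) and all sample inputs are assumptions constructed for illustration.

```python
import re

# Named in the article: SYSTEM_ALERT_WINDOW, onUserLeaveHint().
# Assumption: call-notification abuse appears in decompiled Java as a
# call-category notification combined with a full-screen intent.
INDICATORS = {
    "system_alert_window": re.compile(r"android\.permission\.SYSTEM_ALERT_WINDOW"),
    "on_user_leave_hint": re.compile(r"\bvoid\s+onUserLeaveHint\s*\("),
    "call_category": re.compile(r'CATEGORY_CALL|setCategory\(\s*"call"\s*\)'),
    "full_screen_intent": re.compile(r"\bsetFullScreenIntent\s*\("),
}

def triage(files):
    """files maps path -> decoded text. Returns (verdict, {indicator: [paths]})."""
    hits = {}
    for path, text in sorted(files.items()):
        for name, rx in INDICATORS.items():
            if rx.search(text):
                hits.setdefault(name, []).append(path)
    call_screen = {"call_category", "full_screen_intent"} <= set(hits)
    if call_screen and "on_user_leave_hint" in hits:
        return "high", hits      # both halves of the two-part mechanism
    if hits:
        return "review", hits    # each indicator alone also occurs in legitimate apps
    return "none", hits

# Constructed samples (not taken from any real app or from MalLocker.B).
# SUSPECT requests no SYSTEM_ALERT_WINDOW: the older indicator alone would miss it.
SUSPECT = {
    "AndroidManifest.xml": '<uses-permission android:name="android.permission.INTERNET"/>',
    "a/b.java": 'builder.setCategory("call").setFullScreenIntent(pending, true);',
    "a/c.java": "protected void onUserLeaveHint() { /* body elided */ }",
}
DIALER = {  # a real dialer legitimately raises full-screen call notifications
    "ui/Ringer.java": "b.setCategory(Notification.CATEGORY_CALL);\n"
                      "b.setFullScreenIntent(pi, true);",
}
NOTES_APP = {"Main.java": "public void onCreate(Bundle s) { super.onCreate(s); }"}

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("dialer", DIALER), ("notes", NOTES_APP)):
        print(label, *triage(sample))
```

A "high" verdict only prioritises an app for manual analysis; it is a heuristic, not proof of ransomware.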
