Microsoft has found a new ransomware, MalLocker.B, that targets Android users and locks their screens as part of a ransomware attack.
This new ransomware family is known for being hosted on arbitrary websites and distributed on online forums using various social engineering baits, including masquerading as popular apps, video players or cracked games.
Like most Android malware, it doesn't block access to files by encrypting them; instead, it blocks access to the device by displaying a screen that appears over every other window, so that the user can't do anything else. That screen is the ransom note, which contains threats and instructions to pay the ransom and is designed to look as if it came from local law enforcement.
How does MalLocker.B work?
The AndroidOS/MalLocker.B ransomware abuses the call notification function, which would typically display incoming caller details over the entire area of the screen. It combines this with a second mechanism to stop the user from simply switching apps or returning to the home screen: it also exploits the function that would generally allow users to hold the home or recents button to switch to another app.
"This creates a chain of events that triggers the automatic pop-up of the ransomware screen without doing infinite redraw or posing as a system window," Microsoft said.
The company said that the ransomware code is heavily obfuscated and made unreadable through name mangling and deliberate use of meaningless variable names and junk code to thwart analysis.
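As an added illustration (not code from Microsoft or from this article), the script below triages decompiled Java for the combination of behaviours described above. It assumes those behaviours correspond to Android's call-category notification with a full-screen intent and the `onUserLeaveHint()` activity callback; the sample sources are constructed.

```python
import re

# Assumed mapping of the article's two behaviours to public Android APIs.
CALL_CATEGORY = re.compile(r'setCategory\(\s*("call"|Notification(Compat)?\.CATEGORY_CALL)\s*\)')
FULL_SCREEN = re.compile(r'\.setFullScreenIntent\s*\(')
LEAVE_HOOK = re.compile(r'\bonUserLeaveHint\s*\(\s*\)\s*\{')
RELAUNCH = re.compile(r'\b(startActivity|notify)\s*\(')

def strip_comments(src):
    """Drop /* */ and // comments so commented-out code is not counted."""
    return re.sub(r'//[^\n]*', '', re.sub(r'/\*.*?\*/', '', src, flags=re.S))

def method_body(src, open_brace):
    """Text between the brace at open_brace and its matching close."""
    depth = 0
    for i in range(open_brace, len(src)):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        if depth == 0:
            return src[open_brace + 1:i]
    return src[open_brace + 1:]  # truncated decompile: take the rest

def triage(sources):
    """sources maps path -> decompiled Java. Returns (flags, suspicious)."""
    flags = {"call_category": [], "full_screen_intent": [], "relaunch_on_leave": []}
    for path, raw in sources.items():
        src = strip_comments(raw)
        if CALL_CATEGORY.search(src):
            flags["call_category"].append(path)
        if FULL_SCREEN.search(src):
            flags["full_screen_intent"].append(path)
        if any(RELAUNCH.search(method_body(src, m.end() - 1))
               for m in LEAVE_HOOK.finditer(src)):
            flags["relaunch_on_leave"].append(path)
    # A dialer shows the first two and a video player may hook the third;
    # only all three together match the behaviour described above.
    return flags, all(flags.values())

# Constructed samples (not taken from any real app).
DIALER = {"Ring.java": 'b.setCategory(Notification.CATEGORY_CALL).setFullScreenIntent(pi, true);'}
PLAYER = {"Play.java": 'protected void onUserLeaveHint() { enterPictureInPictureMode(); }'}
LOCKER = {
    "a/b.java": 'x.setCategory("call");\n// x.cancel();\nx.setFullScreenIntent(p, true);',
    "a/c.java": 'public void onUserLeaveHint() { if (q) { this.startActivity(i); } }',
}

if __name__ == "__main__":
    for name, app in (("dialer", DIALER), ("player", PLAYER), ("locker", LOCKER)):
        print(name, triage(app)[1])
```

A hit is a reason to look closer, not a verdict: the check is textual, so strings hidden by the obfuscation mentioned above or calls made through reflection will not be seen.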
Android users are instructed to avoid downloading apps from unknown sources. If an app is needed, make sure to download from the Play Store or a verified source.
“This new mobile ransomware variant is an important discovery because the malware exhibits behaviours that have not been seen before and could open doors for other malware to follow,” Microsoft added.
A detailed breakdown of this new threat is available on Microsoft's blog.