Security researchers have uncovered a new ransomware attack that is capable of fully hijacking an Android phone, changing its PIN code and encrypting all its data and files until the victim pays a ransom. It is called "DoubleLocker" and is one of the most elaborate pieces of ransomware in Android history.
According to Lukáš Štefanko and the rest of his team of security researchers at ESET, this is the first ransomware attack that can encrypt the victim's data in addition to blocking access to the phone: "We had never seen a combination of attacks like this in the Android ecosystem."
The ransomware is presented to the victim as a fake Adobe Flash Player download, and it takes advantage of Android accessibility services to block access to the phone by changing its PIN code.
The worst part, according to experts, is that the ransomware can affect any Android user, because it does not require root access to the device. Once the victim falls for it, the ransomware sets itself as the default Android launcher so that it controls access to the device and displays the lock screen whenever the user presses the Home button.
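A defensive check for the combination described above, an app that is both an enabled accessibility service and the default launcher. This is an added example, not code from the article or from ESET; the package names, the allowlist and the sample command output are constructed assumptions.

```python
# Audit a device for a launcher that also holds an accessibility service.
# Inputs are the text output of two adb commands run by the analyst:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell cmd package resolve-activity --brief \
#       -a android.intent.action.MAIN -c android.intent.category.HOME

# Hypothetical allowlist of launchers expected on managed devices.
TRUSTED_LAUNCHERS = {"com.google.android.apps.nexuslauncher", "com.android.launcher3"}

def accessibility_packages(settings_output):
    """Package names from the colon-separated 'pkg/class' component list."""
    text = settings_output.strip()
    if not text or text == "null":  # 'null' is printed when the key is unset
        return set()
    return {c.split("/", 1)[0] for c in text.split(":") if c}

def home_package(resolve_output):
    """Package of the resolved HOME activity (last 'pkg/class' line), or None."""
    for line in reversed(resolve_output.strip().splitlines()):
        line = line.strip()
        if "/" in line and "=" not in line:  # skip the 'priority=...' header
            return line.split("/", 1)[0]
    return None

def audit(settings_output, resolve_output):
    """Return a list of (finding, package) tuples for triage."""
    a11y = accessibility_packages(settings_output)
    home = home_package(resolve_output)
    findings = []
    if home and home not in TRUSTED_LAUNCHERS:
        findings.append(("untrusted_launcher", home))
        if home in a11y:
            findings.append(("launcher_with_accessibility", home))
    return findings

# Constructed sample output (not taken from a real device or from ESET's report).
SAMPLE_A11Y = ("com.example.fakeflash/.UpdateService:"
               "com.google.android.marvin.talkback/.TalkBackService")
SAMPLE_HOME = ("priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true\n"
               "com.example.fakeflash/.LockActivity")
CLEAN_HOME = ("priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false\n"
              "com.android.launcher3/.Launcher")

if __name__ == "__main__":
    for finding in audit(SAMPLE_A11Y, SAMPLE_HOME):
        print(finding)
```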
Beyond PIN blocking, DoubleLocker also encrypts the victim's data, so there is no way to recover files without the encryption key, which is in the hands of those responsible for the ransomware.
The attackers currently demand a payment of 0.0130 Bitcoin (about $74 now) to unlock the device and its files. Anyone who does not want to pay can factory-reset the phone, but will lose all their files. As always, be careful what you download on your phone. [ESET via ZDNet]