The Android ransomware that blocks the smartphone

It is customary to describe the ransomware phenomenon as mainly aimed at desktop systems, but even those belonging to the mobile ecosystem are not immune to it. Yet another demonstration comes from the report published by Microsoft researchers describing MalLocker.B, a threat packaged to target the Android world.

MalLocker.B, the new ransomware that targets Android

Takes possession of the smartphone (or tablet) following the installation of applications containing malicious code distributed not through the official Play Store platform, but through forums and third-party sites. Following the setup, it leverages two processes of the operating system to superimpose a screen with the ransom note on everything else. The demand for payment is not direct, but simulates a message from an authority with references to alleged crimes committed and the obligation to pay a fine.

Like most Android ransomware, this new threat does not actually blocks access to files by encrypting them. Rather, it prevents access to devices by showing a screen that overlaps any other, so that the user cannot do anything. Inside a note on blackmail with threats and instructions for payment.

Unlike other ransomware, the files contained in the internal memory are therefore not encrypted. What MalLocker.B does is force the Android mechanism that brings up the screen to answer calls when the phone is locked and the onUserLeaveHint () function for managing multitasking in order to show nothing but the alert in question. It is the first time that researchers engaged in cybersecurity territory have observed behavior of this type, based on a double approach.

The best advice is, as always, to rely exclusively on the Play Store for downloading applications. so count on the protections put in place by Google against malware of all kinds.

Source: Microsoft