A new version of malware that ransoms your device in two ways.
ESET has discovered a new version of malware that locks users’ devices and demands a ransom. This malware, dubbed “DoubleLocker.A”, is based on a banking Trojan, but it does not do what a banking Trojan usually does. It is not about collecting users’ credentials or information; it is a ransom scam.
What does it do?
Once installed and activated, the malware carries out two separate attacks. One attack is to change the device’s PIN, making it impossible for users to access their device. In addition to the PIN change, the malware also encrypts all the data it has access to on the device.
The malware sets itself as the default home launcher, and reactivates itself each time the home button is pushed.
How do I get it?
The malware is delivered the same way most malware is delivered: it is disguised as another app. In this case, it appears that DoubleLocker.A is being disguised as a version of Adobe Flash Player. Once installed, it asks the user to grant it accessibility permissions. With these permissions, it grants itself admin rights to the phone.
The user is presented with a home screen message detailing how to pay the ransom to get their files back. I would bet that even if the ransom was paid, the user still would not get their files back.
As of now, the only way to rid the device of the malware is through a factory reset, meaning of course that all files are lost.
As always, be sure you know what you are downloading, and be extremely careful about which permissions you grant to applications.
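The three capabilities described above (an accessibility service, device admin rights, and the home launcher role) each have to be declared in an app's manifest, so they can be checked before anything is installed. The following Python script is an added example, not code from ESET or from this post: it flags a decoded AndroidManifest.xml that declares all three, and the sample manifest and its package and class names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample: a decoded manifest declaring the three capabilities
# the article describes. Package and class names are made up.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeplayer">
  <application>
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.HOME"/>
      </intent-filter>
    </activity>
    <service android:name=".Svc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""


def risky_capabilities(manifest_xml):
    """Return which of the three lock-related capabilities a manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    # A component guarded by one of these permissions is an accessibility
    # service or a device-admin receiver, respectively.
    for tag, perm, label in (
        ("service", "android.permission.BIND_ACCESSIBILITY_SERVICE", "accessibility"),
        ("receiver", "android.permission.BIND_DEVICE_ADMIN", "device_admin"),
    ):
        if any(el.get(A + "permission") == perm for el in root.iter(tag)):
            found.add(label)
    # An intent filter with category HOME makes the app selectable as launcher.
    for filt in root.iter("intent-filter"):
        cats = {c.get(A + "name") for c in filt.iter("category")}
        if "android.intent.category.HOME" in cats:
            found.add("home_launcher")
    return found


def looks_like_locker(manifest_xml):
    """True when all three capabilities appear together in one app."""
    return risky_capabilities(manifest_xml) == {
        "accessibility", "device_admin", "home_launcher"}
```

Launchers and device-management agents legitimately declare some of these on their own; the signal is all three together in an app that presents itself as something else, such as a media player.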