ESET researchers have recently revealed a new strain of ransomware for Android-based mobile devices called DoubleLocker (Android/DoubleLocker.A), which abuses Android accessibility services to completely lock down your phone. According to ESET, the malware doesn’t harvest your sensitive information and forward it to the criminal underground, but it is a huge inconvenience and probably the first wave of serious high-grade malware to hit the mobile device community.
First, DoubleLocker changes the phone's PIN code to prevent access, and then it encrypts the phone so it can no longer be used. As such, the only way to regain access is to pay up (which we do not advise) or wipe the phone and start again.
Lukáš Štefanko said: “Given its banking malware roots, DoubleLocker may well be turned into what could be called ransom-bankers. Two-stage malware that first tries to wipe your bank or PayPal account and subsequently locks your device and data to request a ransom… Speculation aside, we spotted a test version of such a ransom-banker in the wild as long ago as May, 2017.”
Sadly, the infection style has not changed and is somewhat old school: DoubleLocker is installed through a fake Adobe Flash Player which pops up on compromised websites.
“Setting itself as a default home app – a launcher – is a trick that improves the malware’s persistence. Whenever the user clicks on the home button, the ransomware gets activated and the device gets locked again. Thanks to using the accessibility service, the user doesn’t know that they launch malware by hitting Home,” explains Štefanko.
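
The combination described above, one app that is both the default home app and an enabled accessibility service, can be checked for on a device you manage. The following is an added example, not code from ESET or from this article: it parses the text of two Android settings queries and flags any package that holds both roles. The package names, the sample outputs and the allowlist are constructed, and the `adb` commands named in the comments are an assumption about how the inputs would be collected.

```python
# Constructed sample inputs, not captured from a real device.
# Assumed source: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.flashupdate/com.example.flashupdate.HelperService"
)
# Assumed source: adb shell cmd package resolve-activity --brief \
#   -a android.intent.action.MAIN -c android.intent.category.HOME
SAMPLE_HOME = (
    "priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true\n"
    "com.example.flashupdate/.HomeActivity\n"
)
# Hypothetical allowlist of launchers the device owner expects to see.
TRUSTED = {"com.google.android.apps.nexuslauncher", "com.android.launcher3"}


def component_packages(text, sep):
    """Extract package names from 'package/class' component strings."""
    pkgs = set()
    for item in text.strip().split(sep):
        item = item.strip()
        # Skip empty values, the literal "null", and key=value header lines.
        if "/" in item and "=" not in item:
            pkgs.add(item.split("/", 1)[0])
    return pkgs


def find_suspects(a11y_value, home_output, trusted=TRUSTED):
    """Return packages that are the home app AND an enabled accessibility service."""
    a11y = component_packages(a11y_value, ":")
    home = component_packages(home_output, "\n")
    return sorted((a11y & home) - set(trusted))


if __name__ == "__main__":
    for pkg in find_suspects(SAMPLE_A11Y, SAMPLE_HOME):
        print(f"REVIEW: {pkg} is the home app and has an accessibility service enabled")
```

A hit is a prompt for review, not proof of infection: a legitimate launcher may ship an accessibility service, which is what the allowlist is for.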