Android.Lockdroid.E ransomware could affect 67% of devices

News
1 Feb, 2016

The malware poses as a porn application, giving hackers access to admin rights on devices

Symantec has revealed the Android.Lockdroid.E ransomware could affect up to 67 per cent of Android devices, posing as a porn app called Porn ‘O’ Mania, but taking control of the devices it's installed on.

The malware uses a fake package installation (downloaded from unauthorised download sites such as torrent locations) to trick users into thinking it's just a porn application that needs access to certain parts of a device. What it doesn't reveal is that by granting the app access, it's also allowing hackers to act as an administrator on the device.

Installation occurs when a user downloads an app, which then locks the screen and says the victim has installed "forbidden materials." While the user is trying to deal with this issue, unable to do anything with their phone, Android.Lockdroid.E is busy working in the background gathering contacts and other information from the device, encrypting other data, which it then says the user must pay to unscramble.

Other techniques used by the hackers to gain access to admin rights include demanding the user enters their administrator details to access more advanced features in the app. By entering this information, criminals can lock the device screen, reset the device PIN, or perform a factory reset. They can also stop the user from removing the malware, meaning their device is unusable.

"This new ransomware variant has leveled up, adopting more sophisticated social engineering to gain administrator rights," Symantec's Martin Zhang explained.

"Once the malicious app (a fake porn-viewing app in this case) is installed and run by the user, the system activation dialog is called up and covered by a fake “Package Installation” window.

"The user believes they are clicking “Continue” to install a necessary Google-related package but, in actuality, they have taken the first step in activating the malicious app as a device administrator, which grants all the required capabilities the malware needs to run its more aggressive extortion."

He explained Android users can avoid the malware being installed on their device by ensuring only verified Google Play apps can be installed on their device.

Read more about