Android.Lockdroid.E ransomware could affect 67% of devices

The malware poses as a porn application, giving hackers access to admin rights on devices

Symantec has revealed the Android.Lockdroid.E ransomware could affect up to 67 per cent of Android devices, posing as a porn app called Porn O' Mania, but taking control of the devices it's installed on.

The malware uses a fake package installation (downloaded from unauthorised download sites such as torrent locations) to trick users into thinking it's just a porn application that needs access to certain parts of a device. What it doesn't reveal is that by granting the app access, it's also allowing hackers to act as an administrator on the device.

Installation occurs when a user downloads an app, which then locks the screen and says the victim has installed "forbidden materials." While the user is trying to deal with this issue, unable to do anything with their phone, Android.Lockdroid.E is busy working in the background gathering contacts and other information from the device, encrypting other data, which it then says the user must pay to unscramble.

Other techniques used by the hackers to gain access to admin rights include demanding the user enters their administrator details to access more advanced features in the app. By entering this information, criminals can lock the device screen, reset the device PIN, or perform a factory reset. They can also stop the user from removing the malware, meaning their device is unusable.

"This new ransomware variant has leveled up, adopting more sophisticated social engineering to gain administrator rights," Symantec's Martin Zhang explained.

"Once the malicious app (a fake porn-viewing app in this case) is installed and run by the user, the system activation dialog is called up and covered by a fake "Package Installation" window.

"The user believes they are clicking "Continue" to install a necessary Google-related package but, in actuality, they have taken the first step in activating the malicious app as a device administrator, which grants all the required capabilities the malware needs to run its more aggressive extortion."

He explained Android users can avoid the malware being installed on their device by ensuring only verified Google Play apps can be installed on their device.

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Citrix mulling potential sale after tumultuous 2021
mergers and acquisitions

Citrix mulling potential sale after tumultuous 2021

15 Sep 2021
Hackers develop Linux port of Cobalt Strike for new attacks
Security

Hackers develop Linux port of Cobalt Strike for new attacks

14 Sep 2021