Android.Lockdroid.E ransomware could affect 67% of devices

The malware poses as a porn application, giving hackers access to admin rights on devices

Symantec has revealed the Android.Lockdroid.E ransomware could affect up to 67 per cent of Android devices, posing as a porn app called Porn O' Mania, but taking control of the devices it's installed on.

The malware uses a fake package installation (downloaded from unauthorised download sites such as torrent locations) to trick users into thinking it's just a porn application that needs access to certain parts of a device. What it doesn't reveal is that by granting the app access, it's also allowing hackers to act as an administrator on the device.

Installation occurs when a user downloads an app, which then locks the screen and says the victim has installed "forbidden materials." While the user is trying to deal with this issue, unable to do anything with their phone, Android.Lockdroid.E is busy working in the background gathering contacts and other information from the device, encrypting other data, which it then says the user must pay to unscramble.

Other techniques used by the hackers to gain access to admin rights include demanding the user enters their administrator details to access more advanced features in the app. By entering this information, criminals can lock the device screen, reset the device PIN, or perform a factory reset. They can also stop the user from removing the malware, meaning their device is unusable.

Advertisement
Advertisement - Article continues below

"This new ransomware variant has leveled up, adopting more sophisticated social engineering to gain administrator rights," Symantec's Martin Zhang explained.

"Once the malicious app (a fake porn-viewing app in this case) is installed and run by the user, the system activation dialog is called up and covered by a fake "Package Installation" window.

"The user believes they are clicking "Continue" to install a necessary Google-related package but, in actuality, they have taken the first step in activating the malicious app as a device administrator, which grants all the required capabilities the malware needs to run its more aggressive extortion."

He explained Android users can avoid the malware being installed on their device by ensuring only verified Google Play apps can be installed on their device.

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019