Android.Lockdroid.E ransomware could affect 67% of devices

The malware poses as a porn application, giving hackers access to admin rights on devices

Symantec has revealed the Android.Lockdroid.E ransomware could affect up to 67 per cent of Android devices, posing as a porn app called Porn O' Mania, but taking control of the devices it's installed on.

The malware uses a fake package installation (downloaded from unauthorised download sites such as torrent locations) to trick users into thinking it's just a porn application that needs access to certain parts of a device. What it doesn't reveal is that by granting the app access, the user is also allowing hackers to act as an administrator on the device.

Installation occurs when a user downloads the app, which then locks the screen and says the victim has installed "forbidden materials." While the user, unable to do anything with their phone, is trying to deal with this issue, Android.Lockdroid.E is busy working in the background, gathering contacts and other information from the device and encrypting other data, which it then says the user must pay to unscramble.

Other techniques used by the hackers to gain admin rights include demanding that the user enter their administrator details to access more advanced features in the app. Once this information has been entered, criminals can lock the device screen, reset the device PIN, or perform a factory reset. They can also stop the user from removing the malware, leaving the device unusable.

"This new ransomware variant has leveled up, adopting more sophisticated social engineering to gain administrator rights," Symantec's Martin Zhang explained.

"Once the malicious app (a fake porn-viewing app in this case) is installed and run by the user, the system activation dialog is called up and covered by a fake 'Package Installation' window.

"The user believes they are clicking 'Continue' to install a necessary Google-related package but, in actuality, they have taken the first step in activating the malicious app as a device administrator, which grants all the required capabilities the malware needs to run its more aggressive extortion."

He explained that Android users can avoid the malware by ensuring only verified Google Play apps can be installed on their device.
