Eset, a well-known antivirus software manufacturer, has announced the discovery of a new threat called DoubleLocker, a ransomware for Android that – as it was logical to expect given the current times – presents an evolved and sophisticated behavior as it affects mobile devices. DoubleLocker not only locks your smartphone but also encrypts your data and, according to experts, it could be able to steal your bank account or PayPal credentials. Thus, a malware that combines the functions of a ransomware with those of a trojan, a potentially lethal innovation.
DoubleLocker distributes itself via compromised sites in the form of an update request for Adobe Flash Player. This is where experienced users will have already noticed how hackers wanted to exploit a software no longer supported by Android by leveraging the vast majority of users who do not know this detail. Once installed, DoubleLocker requires additional accessibility permissions by masquerading as Google Play Service and, if obtained, sets itself up as the device administrator and launcher and then changes the smartphone’s PIN. The new PIN is not stored and sent to the control server, it is randomly generated so it is unrecoverable. Once the smartphone is inaccessible to the user, DoubleLocker proceeds with the encryption of all the files using the AES (Advanced Encryption Standard) adding the extension “.cryeye” to the name of the files.
And just like the most “classic” ransomware, DoubleLocker also requires the payment of a ransom of approximately 54 dollars (0.0130 bitcoins) within 24 hours. The alternative to payment is to perform a hard reset, i.e., restore the device to factory conditions. If, on the other hand, you have remote management software, there is the possibility of resetting the PIN by regaining control of the device.
Ok the solutions, but what if I really want to avoid a situation like this? Simple as that! Eset stated that the main antivirus programs on the market are able to prevent this type of infection (there is currently no information about the malware detection by Google via the Google Play Protect program). And you can’t miss the usual but necessary right amount of common sense that distracts us from clicking randomly on anything that opens up in front of us.
Sara Avanzi