Rajib Singha
Android Ransomware Alert! DoubleLocker changes your phone’s PIN and encrypts your data
October 27, 2017

DoubleLocker is an Android ransomware the likes of which have never been seen before. The malware is designed to launch a two-pronged attack – it locks down the phone it infects and encrypts all files stored on the device.

What is spreading DoubleLocker ransomware?
The malware gets into a device when a user is tricked into installing a malicious Adobe Flash Player app from a compromised website.

Once installed, the app asks the user to activate the Accessibility service. If the user falls for this trick, the app then gains device administrator rights to carry out its malicious activities.

For your information, Accessibility service is a feature of the Android operating system aimed at helping users with disabilities.

Why is DoubleLocker so dangerous?
DoubleLocker locks the infected device by changing its PIN to a random combination. The new PIN cannot be recovered because it is neither stored on the device nor sent anywhere. Thereafter, it encrypts all the files stored on the device’s primary storage using the AES encryption algorithm. Files encrypted by this ransomware have a “.cryeye” extension.

DoubleLocker is more sophisticated and dangerous than other Android ransomware because it tries to remain persistent on the infected device. It does this by setting itself as the default Home app (the home button) by abusing the device admin rights without the user’s knowledge. So, every time the user taps on or presses the Home button, the ransomware gets reactivated and the phone gets locked again. This means that even if the user somehow bypasses the lock screen, pressing the Home button will lock the device again.
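For app vetting, the three capabilities described above (device admin, an Accessibility service, and a Home app role) can be checked in a decoded AndroidManifest.xml. The following is an added example, not code from the original article; the sample manifest, package name and function names are constructed for illustration, and it assumes the app declares these components in its manifest as Android requires.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical app posing as a media player.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakeplayer">
  <application>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
    <service android:name=".HelperService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
    <activity android:name=".LockActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.HOME"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return which of the capabilities named in the article the manifest declares."""
    root = ET.fromstring(xml_text)
    found = set()
    for comp in root.iter():
        perm = comp.get(ANDROID_NS + "permission")
        if comp.tag == "receiver" and perm == "android.permission.BIND_DEVICE_ADMIN":
            found.add("device_admin")
        if comp.tag == "service" and perm == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            found.add("accessibility_service")
        if comp.tag in ("activity", "activity-alias"):
            for flt in comp.findall("intent-filter"):
                cats = {c.get(ANDROID_NS + "name") for c in flt.findall("category")}
                if "android.intent.category.HOME" in cats:
                    found.add("home_launcher")
    return found

def is_suspicious(xml_text):
    # All three together is unusual for an app that presents itself as a media player.
    return triage_manifest(xml_text) == {"device_admin", "accessibility_service", "home_launcher"}

if __name__ == "__main__":
    print(sorted(triage_manifest(SAMPLE_MANIFEST)), is_suspicious(SAMPLE_MANIFEST))
```

A match is a reason to review the app manually, not proof of malice: legitimate launchers and management apps declare some of these capabilities individually.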

The ransom
DoubleLocker demands a ransom of 0.013 Bitcoin ($76.31 at the time of writing this post) to unlock the device and decrypt the files. According to the ransom note, the ransom has to be paid within 24 hours; otherwise, the data will remain encrypted permanently.

[Image: DoubleLocker lock screen showing the ransom note]

What to do if your phone is infected by DoubleLocker?
Factory resetting the infected device will get rid of the ransomware but will also erase all files stored on the device. In any case, paying the ransom is not advised – there is no guarantee that your phone or files will get back to normal.

How to stay safe from such malware?

> Never download apps from third-party app stores or websites that do not belong to the app’s manufacturer.

> Do not download apps by clicking on advertisements or links received in emails, SMS, and WhatsApp messages.

> Back up all important data in a secure online and offline location.

> Use a reliable mobile security app that can block access to compromised websites and prevent fake or malicious apps from getting installed on your phone.
