Android.Lockscreen Ransomware Means Business This Time

Posted: September 28, 2016

Ransomware Bad Actors Fix a Childish Mistake

Android.Lockscreen is one of the many ransomware families that attack Google's popular mobile operating system. Unlike its PC counterparts, it doesn't encrypt any files. As the name would suggest, it instead changes your password, puts up a lockscreen, and locks you out of your phone or tablet.

Android.Lockscreen first started infecting Android devices back in March 2015, and it urged victims to make a phone call to what was represented as technical support. In reality, the hackers were waiting on the other end of the line, and in exchange for a sizable amount of money, they were giving victims a PIN code that would unlock the device.

Some people will most likely decide to pay the ransom and regain access to their phones quickly, which is a shame because researchers were able to find a rather silly mistake in the source code. It turned out that the bad actors had embedded the PIN code into the malware, which meant that regaining access to the device and removing the threat was fairly easy.

For a few months it looked like the ransomware had been eliminated, but at the end of September, researchers from Symantec found a new version. It's quite a bit more sophisticated than the first iteration.

The hackers behind Android.Lockscreen have apparently realized what a childish mistake they'd made with the first version and they've come up with a way to fix it. This time, the ransomware generates a pseudo-random six- or eight-digit PIN code with the help of a Java function called Math.random(). This means that currently, it's far harder to unlock the infected device without paying the ransom.

Implementing the new function turns Android.Lockscreen into a far more serious threat. That said, it's still not perfect.

Devices using Android Nougat, for example, will not allow an app to change the password without user intervention. Admittedly, according to Google, at the beginning of September, only a handful of people (about 0.1% of all Android phones and tablets) were using the latest version of the operating system. Even if your phone or tablet is older, you can still avoid the problem.

Android.Lockscreen needs to have permissions before overlaying the screen with a ransom message and changing your password. As we all know, permissions can only be given by the user, which means that the best way to prevent an infection is to be careful what you install and tap on.
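
The permission dependency described above can be checked before an app is installed. The following is an added example, not code from the original article or from Symantec: it triages a decoded AndroidManifest.xml and device-admin policy file for the combination of screen overlay and password reset. It assumes the files were decoded with a tool such as apktool and that the behaviours map to the standard Android identifiers SYSTEM_ALERT_WINDOW, BIND_DEVICE_ADMIN and the reset-password policy; the sample inputs are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"    # draw over other apps
BIND_ADMIN = "android.permission.BIND_DEVICE_ADMIN"   # marks a device-admin receiver

# Constructed sample: an app declaring overlay plus a device-admin receiver.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/device_admin"/>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: the policy file referenced by the receiver above.
SAMPLE_POLICY = "<device-admin><uses-policies><reset-password/><force-lock/></uses-policies></device-admin>"

# Constructed sample: overlay only, no device-admin component.
BENIGN_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.benign">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application/>
</manifest>"""

def triage(manifest_xml, policy_xml=None):
    """Return the lockscreen-relevant capabilities the app declares, in fixed order."""
    root = ET.fromstring(manifest_xml)
    findings = []
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    if OVERLAY in perms:
        findings.append("overlay")
    if any(r.get(ANDROID_NS + "permission") == BIND_ADMIN for r in root.iter("receiver")):
        findings.append("device-admin")
    if policy_xml is not None:
        policies = ET.fromstring(policy_xml).find("uses-policies")
        if policies is not None and policies.find("reset-password") is not None:
            findings.append("reset-password")
    return findings

def is_high_risk(findings):
    """Flag only the full combination: overlay + device admin + password reset."""
    return {"overlay", "device-admin", "reset-password"} <= set(findings)

if __name__ == "__main__":
    result = triage(SAMPLE_MANIFEST, SAMPLE_POLICY)
    print(result, "high risk" if is_high_risk(result) else "review")
```

Each capability has legitimate uses on its own, so the check flags only the full combination for manual review.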