Posted: October 9, 2020

MalLocker Description

MalLocker is a family of screen-locking Trojans that target Android devices, such as phones. Although this family contains many novel characteristics, its attacks against users involve blocking the screen, usually, with a fake police warning. Users should ignore ransom demands from this threat, restore their device by other means, and confirm the removal of MalLocker with compatible security tools.

The Trojan that Goes to Any Lengths Necessary to Block a Phone

Although fake police alerts like the 'Gobierno de España' Ransomware are somewhat antiquated on desktop systems, they remain incredibly-relevant for mobile phone users. MalLocker, a rapidly-evolving family of these threats, specializes in issuing just these fraudulent law enforcement warnings. However, what makes MalLocker unique is more than just what the victim sees, but what's in the code behind its pop-up.

Symptoms of Android MalLocker infections limit themselves to the presence of pop-ups asking for ransoms due to the user's supposedly breaking the law, such as by viewing illicit adult movies. Recent versions of MalLocker even include elements suggesting that the campaigns will auto-adjust the formatting and size of these screen-blocking pop-ups for future appearances of authenticity. As ever, malware experts don't recommend paying the ransom to threat actors; victims always can reset their devices to factory conditions, in worst-case scenarios.

What's interesting about MalLocker is that its screen-locking feature differs in technical implementation through different versions. A recent catch confirms that MalLocker now is the first Android Trojan abusing the onUserLeaveHint function and call notification features default to Android for generating its pop-up and maintaining its foreground persistence. The attack blocks the device in 'brand-new' ways, bypassing previous OS changes by Google that eliminated old vulnerabilities.

The Intricacy behind a Not-So-Simple Locker Trojan

Although MalLocker does no more than blocking the device with its window, its threat actors invest significant, long-term effort into keeping the Trojan potent versus system updates and security solutions. The threat includes impressive obfuscation efforts that might hinder AV vendors from flagging it as threatening, such as meaningless junk code, fake variables, and the lack of class declaration in the initial manifest. Thus, while MalLocker's impact on users may seem simplistic, its core code and modules are comparable to the long-term maintenance and problem-solving that one finds in professional software business products.m

Despite its many features and creative workarounds, MalLocker's family poses limited risk to users who don't pay its fake legal fine. Malware experts recommend resetting most devices to factory conditions and recovering any lost files through remotely-saved backups. Future updates may change the previous conclusion due to the Trojan's rapid and ambitious changes over time.

Users can protect their Android devices by avoiding disreputable and illicit download resources, which are havens for threats like MalLocker. Updated security products also include the best chances of detecting and deleting MalLocker in a bundle before it becomes problematic.

MalLocker might not be squatting on Google's application store, but those who get their files from other places on the Web are putting their home screens on the line. A threat that learns from past mistakes isn't easy to exterminate, even while those in the Web security industry do their utmost.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to MalLocker may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.