
MalLocker

Posted: October 9, 2020

MalLocker is a family of screen-locking Trojans that target Android devices, such as phones. Although this family has many novel characteristics, its attacks on users consist of blocking the screen, usually with a fake police warning. Users should ignore ransom demands from this threat, restore their device by other means, and confirm the removal of MalLocker with compatible security tools.

The Trojan that Goes to Any Lengths Necessary to Block a Phone

Although fake police alerts like the 'Gobierno de España' Ransomware are somewhat antiquated on desktop systems, they remain incredibly relevant for mobile phone users. MalLocker, a rapidly evolving family of these threats, specializes in issuing just these fraudulent law enforcement warnings. However, what makes MalLocker unique is not just what the victim sees, but what's in the code behind its pop-up.

Symptoms of Android MalLocker infections are limited to pop-ups demanding a ransom because the user has supposedly broken the law, such as by viewing illicit adult movies. Recent versions of MalLocker even include elements suggesting that the campaigns will auto-adjust the formatting and size of these screen-blocking pop-ups so that future ones appear more authentic. As ever, malware experts don't recommend paying the ransom to threat actors; in worst-case scenarios, victims can always reset their devices to factory conditions.

What's interesting about MalLocker is that the technical implementation of its screen-locking feature differs from version to version. A recent catch confirms that MalLocker is now the first Android Trojan to abuse the onUserLeaveHint function and the call notification features built into Android to generate its pop-up and keep it in the foreground. The attack blocks the device in 'brand-new' ways, bypassing previous OS changes by Google that eliminated old vulnerabilities.
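For analysts triaging a decompiled APK, the following added example (not code from the original article or from any vendor) flags the co-occurrence of the two behaviours named above. It assumes jadx-style decompiled Java text as input; the class names and source stubs are constructed, and the picture-in-picture exclusion is an assumption about a common benign use of onUserLeaveHint.

```python
import re

# Tokens as they would appear in decompiled Java (jadx-style output assumed).
LEAVE_HINT = re.compile(r'\bvoid\s+onUserLeaveHint\s*\(\s*\)')
CALL_CATEGORY = re.compile(
    r'setCategory\s*\(\s*(?:"call"|(?:Notification(?:Compat)?\.)?CATEGORY_CALL)\s*\)'
)
# Common benign reason to override onUserLeaveHint: entering picture-in-picture.
PIP = re.compile(r'\benterPictureInPictureMode\s*\(')


def triage(sources):
    """sources: {class_name: decompiled_source}. Returns a findings dict."""
    hint = sorted(n for n, s in sources.items() if LEAVE_HINT.search(s))
    call = sorted(n for n, s in sources.items() if CALL_CATEGORY.search(s))
    # Overrides that are not explained by picture-in-picture handling.
    unexplained = [n for n in hint if not PIP.search(sources[n])]
    if unexplained and call:
        verdict = "review"   # both behaviours described in the article co-occur
    elif hint or call:
        verdict = "low"      # either indicator alone is common in benign apps
    else:
        verdict = "none"
    return {"verdict": verdict, "leave_hint": hint,
            "call_notification": call, "unexplained_hint": unexplained}


# Constructed samples: stubs only, method bodies intentionally elided.
SAMPLE_SUSPECT = {
    "a.b.LockActivity": "public class LockActivity extends Activity {\n"
                        "  protected void onUserLeaveHint() { /* elided */ }\n}",
    "a.b.Notifier": 'builder.setCategory("call");',
}
SAMPLE_PLAYER = {
    "com.example.VideoActivity":
        "public void onUserLeaveHint() { enterPictureInPictureMode(params); }",
}
SAMPLE_DIALER = {
    "com.example.InCall": "b.setCategory(NotificationCompat.CATEGORY_CALL);",
}

if __name__ == "__main__":
    for name, sample in [("suspect", SAMPLE_SUSPECT), ("player", SAMPLE_PLAYER),
                         ("dialer", SAMPLE_DIALER)]:
        print(name, triage(sample))
```

A "review" verdict is a prompt for manual analysis, not a detection: the heuristic only reads identifiers that survive in decompiled source.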

The Intricacy behind a Not-So-Simple Locker Trojan

Although MalLocker does no more than block the device with its window, its threat actors invest significant, long-term effort into keeping the Trojan potent against system updates and security solutions. The threat includes impressive obfuscation efforts that might hinder AV vendors from flagging it as threatening, such as meaningless junk code, fake variables, and the lack of class declaration in the initial manifest. Thus, while MalLocker's impact on users may seem simplistic, its core code and modules show the kind of long-term maintenance and problem-solving that one finds in professional software business products.

Despite its many features and creative workarounds, MalLocker's family poses limited risk to users who don't pay its fake legal fine. Malware experts recommend resetting most devices to factory conditions and recovering any lost files through remotely saved backups. Future updates may change this conclusion, given the Trojan's rapid and ambitious changes over time.

Users can protect their Android devices by avoiding disreputable and illicit download resources, which are havens for threats like MalLocker. Updated security products also offer the best chance of detecting and deleting MalLocker in a bundle before it becomes problematic.

MalLocker might not be squatting on Google's application store, but those who get their files from other places on the Web are putting their home screens on the line. A threat that learns from past mistakes isn't easy to exterminate, even while those in the Web security industry do their utmost.
