The ransomware has been named DoubleLocker because it locks the phone in two ways: it encrypts all the files and also changes the PIN, so that victims run out of options and give in to the hackers' ransom demands. It is distributed as a fake Adobe Flash update, and compromised websites are used to spread it.
The fake Adobe Flash app requests activation of Google Play Services because it needs to exploit the phone's accessibility services.
It then starts exploiting the permissions by retrieving window content, enabling advanced web accessibility for the installation of scripts, and monitoring the text that the victim types. Once the permissions are granted, the ransomware is installed as the default Home app. This means that the next time the user visits the Home screen, the ransom note will be there.
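A defender-side check for the combination described above, added here as an example and not taken from the original article: it flags any non-system package that both has an enabled accessibility service and is the default Home app. The adb commands named in the comments, their assumed output shapes, and all package names in the sample data are assumptions or constructed values.

```python
"""Audit adb output for the pattern described above: a non-system app that
holds an accessibility service and is also the default Home app."""

def parse_components(raw):
    """Value of `settings get secure enabled_accessibility_services`:
    colon-separated 'pkg/cls' entries -> set of package names."""
    raw = raw.strip()
    if raw in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in raw.split(":") if "/" in c}

def parse_home(raw):
    """Output of `cmd package resolve-activity --brief -a android.intent.action.MAIN
    -c android.intent.category.HOME`: take the last line shaped like pkg/cls."""
    for line in reversed(raw.strip().splitlines()):
        line = line.strip()
        if "/" in line and " " not in line:
            return line.split("/", 1)[0]
    return None

def parse_system(raw):
    """'package:com.x' lines from `pm list packages -s` -> set of names."""
    return {l.split(":", 1)[1].strip() for l in raw.splitlines() if l.startswith("package:")}

def audit(accessibility_raw, home_raw, system_raw):
    """Return (severity, package, reason) tuples; REVIEW items are not verdicts."""
    system = parse_system(system_raw)
    a11y = parse_components(accessibility_raw) - system
    home = parse_home(home_raw)
    findings = []
    for pkg in sorted(a11y):
        both = pkg == home
        findings.append(("HIGH" if both else "REVIEW", pkg,
                         "accessibility service + default Home" if both
                         else "third-party accessibility service enabled"))
    if home and home not in system and home not in a11y:
        findings.append(("REVIEW", home, "third-party default Home app"))
    return findings

# Constructed sample output; the package names are made up for illustration.
SAMPLE_A11Y = "com.example.fakeflash/.UpdateService:com.google.android.marvin.talkback/.TalkBackService\n"
SAMPLE_HOME = ("priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true\n"
               "com.example.fakeflash/.MainActivity\n")
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback\npackage:com.android.launcher3\n"

if __name__ == "__main__":
    for sev, pkg, why in audit(SAMPLE_A11Y, SAMPLE_HOME, SAMPLE_SYSTEM):
        print(sev, pkg, why)
```

A third-party launcher or accessibility service on its own is common and legitimate, which is why only the combination is rated HIGH.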
For more info:
https://www.hackread.com/new-android-ransomware-permanently-changes-pin-demand-ransom/