New Android ransomware takes your phone hostage with a PIN
ESET has discovered a new ransomware that locks up Android devices with a PIN, the first of its kind to do so. So far, the majority of affected users originate in the US, but it's probably wise to exercise due caution.
It's raining on Android's parade again. (Image Source: ESET)
Android users just can’t catch a break. ESET has discovered a new type of ransomware called Android/Lockerpin.A, which completely locks up Android devices with a PIN number.
This represents an evolution in ransomware’s methods of locking up a device. Previously, the ransom window was just constantly brought to the foreground in an infinite loop, thus preventing the user from actually using their phone. While inconvenient, users could actually circumvent the malware and unlock the device using Android Debug Bridge (ADB) or deactivate Administrator rights and uninstall the ransomware in Safe Mode.
Unfortunately, the new PIN-locking ransomware prevents these workarounds, effectively shutting users out of their devices entirely. Users can still regain control of their device via a factory reset – provided it is not rooted – but this would mean losing all their data.
The ransomware is even able to obtain and preserve Device Administrator privileges so it cannot be uninstalled.
However, it does still rely on unsuspecting users to grant it this privilege. It masquerades as an “Update patch installation”, prompting victims to click through the activation window and grant it elevated privileges.
Users are led to believe that they are performing a patch update. (Image Source: ESET)
Once it has obtained what it needs, the device will be locked and users will be asked to pay a US$500 ransom for allegedly viewing and storing forbidden pornographic material. The message in question is even sneakily designed to look like it comes from the FBI, but anyone with a fair dose of sense can probably tell that it’s bogus.
The ransom message is made up to look like it comes from an official FBI source. (Image Source: ESET)
If users attempt to use ADB tools or enter Safe Mode to uninstall the malware, the PIN number required to unlock the device will be reset. However, the PIN number is generated randomly and will not be sent to the attacker, so neither the user nor the attacker can unlock the device.
The ransomware is distributed through an app called Porn Droid, which explains the allegations about explicit content in the false FBI message. ESET says that 77% of infected users come from the US, but the good news is that the app isn’t available on the Play Store. Users will have to manually allow installation from “Unknown Sources” in their device settings and install the app from third-party websites.
This is also how the majority of Android ransomware finds unwitting victims, so it looks like the best way to protect your device would be to stick to apps from the Play Store alone. Alternatively, ESET says that its own mobile anti-virus is capable of detecting and stopping this type of malicious software.
Source: ESET via Tom’s Hardware