A new ransomware has emerged online threatening Android security. Identified as MalLocker.B, the ransomware triggers on an infected phone as soon as the victim presses the Home key.
MalLocker.B Android Ransomware
Microsoft recently detailed a new Android ransomware, MalLocker.B, in a post. As revealed, the ransomware locks the victim's device, rendering it useless until the payment is made.
The ransomware reaches target devices via apps available on third-party app stores. While that is unsurprising, it caught attention because of its ever-evolving maliciousness and its security bypass characteristics, which have let it stay under the radar of antimalware solutions.
Briefly, the malware doesn’t encrypt the data on the target device. Instead, it simply blocks the users’ access to the device by displaying a permanent ransom note.
Besides, the ransom note isn't a traditional one either. Rather, it mimics a legal notice from some law enforcement agency and asks the victim to pay a fine for some crime it claims the victim committed.
Meanwhile, in the background, it abuses several Android functions. First, it abuses the "call" notification, which normally displays caller details on screen, to display the ransom note.
Then, it abuses the onUserLeaveHint() callback method, which Android calls when the user sends an app to the background. The callback fires when the user presses the Home or Recents button.
The malware exploits this callback to bring the in-call screen, which displays the ransom note, back to the foreground whenever the victim presses the Home button.
For this, the malware creates a special notification builder that does two things. First, it calls setCategory("call"), which gives the notification the priority privileges of a call notification. Second, it calls setFullScreenIntent() to link the notification to the GUI so that it pops up when triggered.
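A static triage check for the three behaviours described above, as an added example that is not from Microsoft's post or this article. It assumes the app has already been decompiled to Java text; the scan() and triage() helpers, file names and sample snippets are hypothetical and constructed for illustration.

```python
import re

# Indicators named in the article; each one alone is common in benign apps.
INDICATORS = {
    "call_category": re.compile(r'setCategory\(\s*(?:"call"|[\w.]*CATEGORY_CALL)\s*\)'),
    "full_screen_intent": re.compile(r"\bsetFullScreenIntent\s*\("),
    "leave_hint": re.compile(r"\bvoid\s+onUserLeaveHint\s*\("),
}

def scan(sources):
    """Map each indicator to the set of files (name -> Java text) containing it."""
    return {name: {path for path, text in sources.items() if rx.search(text)}
            for name, rx in INDICATORS.items()}

def triage(sources):
    """Return 'suspicious', 'review' or 'clean' for one app's decompiled sources."""
    hits = scan(sources)
    # The call category and the full-screen intent must appear in the same file
    # to count as the notification pairing the article describes.
    paired = hits["call_category"] & hits["full_screen_intent"]
    if paired and hits["leave_hint"]:
        return "suspicious"   # all three behaviours present in one app
    if paired:
        return "review"       # also what a legitimate dialer or VoIP app does
    return "clean"

# Constructed sample inputs (not real app code).
LOCKER_LIKE = {
    "a/b.java": 'b.setCategory("call").setFullScreenIntent(pi, true);',
    "a/c.java": "protected void onUserLeaveHint() { d.show(); }",
}
VOIP_APP = {
    "Incoming.java": "nb.setCategory(NotificationCompat.CATEGORY_CALL)\n"
                     "  .setFullScreenIntent(ringIntent, true);",
}
VIDEO_APP = {
    "Player.java": "public void onUserLeaveHint() { enterPictureInPictureMode(); }",
}

if __name__ == "__main__":
    for label, app in [("locker-like", LOCKER_LIKE), ("voip", VOIP_APP), ("video", VIDEO_APP)]:
        print(label, "->", triage(app))
```

The graded result matters because calling and video apps use these APIs legitimately, so only the combination is worth escalating to manual analysis.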
Android Users, Stay Wary!
It is always recommended to refrain from downloading apps from unofficial or third-party stores, and the appearance and dissemination of MalLocker.B via third-party app stores comes as a reminder.
Since the malware is already active in the wild, all Android users must remain very careful while installing any apps, especially from app stores other than Google Play.
That doesn't mean Google Play is entirely malware-free. However, the probability of getting infected is higher when downloading apps from unofficial sources.