Security researchers reported that Android.Lockdroid.E ransomware threatens up to 67% of Android devices, posing as a porn application called Porn ‘O’ Mania. The malware gives hackers admin rights and takes control of the devices it’s installed on.
Android.Lockdroid.E ransomware uses a fake package installation, downloaded from unauthorised download sites such as torrent locations. Its main purpose is to make users think that it is a porn application that needs access to certain parts of a device. However, the malware does not reveal that by granting the application access, the user is also allowing hackers to act as an administrator on the infected device.
As soon as a user downloads the application, the screen is locked and a message states that the victim has installed “forbidden materials.” While the user is trying to deal with this, unable to do anything with their phone, Android.Lockdroid.E works in the background, collecting contacts and other information from the device and encrypting other data, which it then says the user must pay to unscramble.
Another common method cyber criminals use to gain admin rights is to demand that the user enter their administrator details in order to access more advanced features in the application. Once the user enters this information, hackers can lock the device screen, reset the device PIN, or perform a factory reset. They can also stop the user from removing the malware, which leaves the device unusable.
“This new ransomware variant has leveled up, adopting more sophisticated social engineering to gain administrator rights,” said Symantec’s Martin Zhang.
“Once the malicious app (a fake porn-viewing app in this case) is installed and run by the user, the system activation dialog is called up and covered by a fake “Package Installation” window”.
“The user believes they are clicking “Continue” to install a necessary Google-related package but, in actuality, they have taken the first step in activating the malicious app as a device administrator, which grants all the required capabilities the malware needs to run its more aggressive extortion.”
Zhang also said that Android users can avoid having the malware installed on their device by ensuring that only verified Google Play apps can be installed on their devices.