
New Android Malware Changes PIN Code and Demands Ransom

September 14th, 2015, by Waqas

Android users need to be highly careful while using their smartphones, as ESET researchers have identified Simplocker, a new screen-locking malware that specifically targets users in the United States.

This new ransomware is the first one capable of changing a smartphone’s PIN lock, which is one of the phone’s security codes.

The Android LockScreen Trojans previously identified by researchers attempted to achieve screen-locking functionality by opening a ransom window in the foreground. This window runs in an infinite loop, and the Trojans implement an array of defense mechanisms to keep the device locked.

However, according to a blog post by ESET, this method proved to be unsuccessful because users were able to unlock their devices easily using the Android Debug Bridge (ADB) or, alternatively, by disabling Admin rights and deleting the Trojan in Safe Mode.

The difference with this new ransomware, called Android/Lockerpin.A, is that it prevents users from regaining access to their device unless root access or a security solution exists on the phone.

After installation, the primary objective of this malware is to obtain Device Administrator rights by deceiving users into accepting an “Update Patch” installation. This alleged update tricks users into enabling the malware's Device Administrator privileges, which otherwise remain hidden.

When the user clicks on the “Continue” button, the malware locks the device and resets the PIN code, thereby locking the screen of the phone.

It immediately displays a warning that appears to be issued by the FBI (citing the storing of forbidden pornographic content on the device) and compels users to pay a $500 ransom.

Image Credit: ESET.

Even though the device has already been locked, it is possible to uninstall Android/Lockerpin.A, either in Safe Mode or through ADB. However, removing the Trojan does not give users back control of their phone, because the PIN has already been changed; to regain control, users require root privileges.

Lukas Stefanko from ESET explains:

“After having reset the PIN, however, neither the owner nor the attacker can unlock the device because the PIN is generated randomly and not sent to the attacker. The only practical way to unlock is to reset to factory defaults.”

The malware uses an aggressive self-defense mechanism to regain its Device Admin rights if the user attempts to deactivate them.

Furthermore, after removing the Trojan, the Device Administrator window is overlaid with a fake window that effectively reactivates the elevated privileges.

Moreover, this malware is equipped with additional self-defense functions. It can remove any anti-virus software installed on the device and also monitors com.android.settings to avoid uninstallation.

This malware is not being distributed through Google Play but via third party markets, torrents and warez forums. Users download it believing it to be just another app for viewing adult videos.
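The two traits described above, Device Administrator rights and installation from outside Google Play, can be checked together on a device reachable over ADB. The following is an added example, not code from ESET or HackRead: it parses constructed samples of `adb shell dumpsys device_policy` and `adb shell pm list packages -i` output (the exact output layout is an assumption and varies between Android versions), and the package name `com.example.videoplayer` is hypothetical.

```python
import re

# Constructed sample of `adb shell dumpsys device_policy` output (layout assumed).
SAMPLE_DUMPSYS = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10013
    com.example.videoplayer/.AdminReceiver:
      uid=10112
"""

# Constructed sample of `adb shell pm list packages -i` output.
SAMPLE_PACKAGES = """\
package:com.google.android.gms  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.notes  installer=com.android.vending
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend per fleet policy

ADMIN_RE = re.compile(r"^\s+([A-Za-z0-9_.]+)/([A-Za-z0-9_.$]+):\s*$")
PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def active_admins(dumpsys_text):
    """Return [(package, receiver)] for each enabled device admin component."""
    return [m.groups() for line in dumpsys_text.splitlines()
            if (m := ADMIN_RE.match(line))]


def installers(pm_text):
    """Map package name -> installer package (None when reported as 'null')."""
    result = {}
    for line in pm_text.splitlines():
        if (m := PKG_RE.match(line)):
            pkg, installer = m.groups()
            result[pkg] = None if installer == "null" else installer
    return result


def suspicious_admins(dumpsys_text, pm_text):
    """Device admins whose package did not come from a trusted installer.

    Preinstalled system apps can also report installer=null, so findings
    are candidates for review, not verdicts.
    """
    source = installers(pm_text)
    return [(pkg, receiver, source.get(pkg) or "unknown")
            for pkg, receiver in active_admins(dumpsys_text)
            if source.get(pkg) not in TRUSTED_INSTALLERS]


if __name__ == "__main__":
    for pkg, receiver, installer in suspicious_admins(SAMPLE_DUMPSYS, SAMPLE_PACKAGES):
        print(f"review: {pkg}{receiver} is a device admin (installer: {installer})")
```
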

Last week, security researchers discovered another ransomware scam hidden behind a fake pornography app on the Google Play store. So be careful before downloading any Android app.


HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
