• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 11th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Android

New Android Malware Changes PIN Code and Demand Ransom

September 14th, 2015 Waqas Android, Cyber Crime, Malware, Scams and Fraud, Security 0 comments
New Android Malware Changes PIN Code and Demand Ransom
Share on FacebookShare on Twitter

Android users need to be highly careful while using your smartphone as ESET researchers have identified simplocker, a new screen-locking malware that specifically targets users in the United States.

This new ransomware is the first one that is capable of changing a smartphone’s PIN lock, which is one of the phone’s security code.

The Android LockScreen Trojans that have been identified previously by researchers attempted to acquire screen locking functionality by opening a ransom window in the foreground. This window goes into an infinite loop along with implementing an array of defense mechanisms that keep the device locked.

However, according to a blog post by ESET, this method proved to be unsuccessful because users were able to unlock their devices easily using the Android Debug Bridge/ADB or alternatively, by disabling Admin rights and deleting the Trojan in Safe Mode.

The difference with this new ransomware called Android/Lockerpin.A is that it evades the option of removal by preventing users from regaining access to their device if no security solution or root access exists on the phone.

Post installation, the primary objective of this malware is to get Device Administration rights through deceiving users into accepting an “Update Patch” installation. This alleged update tricks users into going through the process of enabling the Device Administrator privileges of this malware, which otherwise remain hidden.

When the user clicks on “Continue” button, the malware locks the device and resets the PIN Code thereby locking the screen of the phone.

It immediately displays a warning that seems to be issued by the FBI (citing storing of forbidden pornographic content on the device) and compels users to pay $500 as ransom amount.

Image Credit: ESET.

Image Credit: ESET.

Though the device has already been locked, it is possible to uninstall Android/Lockedprin.A. This can be done in SAFE Mode or through an ADB so that the PIN gets changed. However, this doesn’t let them regain control of their phone at all and to acquire such authority users require root privileges.

Lukas Stefanko from ESET explains:

“After having reset the PIN, however, neither the owner nor the attacker can unlock the device because the PIN is generated randomly and not sent to the attacker. The only practical way to unlock is to reset to factory defaults.”

An aggressive self-defense mechanism is utilized by this malware to recall the Device Admin rights in case the user has attempted to deactivate them.

Furthermore, after removing the Trojan, the Device Administrator window gets overlapped with a fake window that reactivates the raised up privileges effectively.

Furthermore, after removing the Trojan, the Device Administrator window gets overlapped with a fake window that reactivates the raised up privileges effectively.

Moreover, this malware is equipped with additional self-defense functions. It can remove any anti-virus software installed on the device and also monitors com.android.settings to avoid uninstallation.

This malware is not being distributed through Google Play but via third party markets, torrents and warez forums. Users download it believing it to be just another app for viewing adult videos.

Last week, security researchers discovered another ransomware scam hidden behind fake pornography app on Google Play store. So be careful before downloading any android app.

  • Tags
  • Android
  • Cyber Crime
  • eset
  • Malware
  • Passwords
  • Ransomware
  • security
  • Smartphones
Facebook Twitter LinkedIn Pinterest
Previous article Smartwatch Users Beware – Report Identifies Vulnerabilities in Wearable Devices
Next article Windows 10 Lets Users Log into Their PC with a Picture Password
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
2 scraped LinkedIn databases with 500m and 827m records sold online

2 scraped LinkedIn databases with 500m and 827m records sold online

Hackers leak data, 600k card info from Swarmshop cybercrime forum

Hackers leak data, 600k card info from Swarmshop cybercrime forum

Unpatched vulnerable VPN servers hit by Cring ransomware

Unpatched vulnerable VPN servers hit by Cring ransomware

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
2 scraped LinkedIn databases with 500m and 827m records sold online
Cyber Crime

2 scraped LinkedIn databases with 500m and 827m records sold online

Facebook ads dropped malware posing as Clubhouse app for PC
News

Facebook ads dropped malware posing as Clubhouse app for PC

Hackers leak data, 600k card info from Swarmshop cybercrime forum
Cyber Crime

Hackers leak data, 600k card info from Swarmshop cybercrime forum

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us