Microsoft warns of new Android ransomware blackmailing victims

The AndroidOS/MalLocker.B Android ransomware is also capable of evading detection by several available protections.


Cyber security researchers at Microsoft have published information and technical details on a new type of ransomware developed to attack Android smartphones. The malware uses completely new techniques that point to new threats, and it keeps evolving with additional capabilities.

Dubbed AndroidOS/MalLocker.B by researchers, the malware is a variant of a ransomware family that has been circulating on hacking forums and arbitrary websites for a while. The new variant, however, has been equipped with several capabilities, including an open-source machine learning module and the ability to evade detection by several security solutions.

According to researchers, the malware tricks its victims with various social engineering techniques, such as masquerading as popular apps, video players, and cracked games.


Unlike other Android ransomware, AndroidOS/MalLocker.B locks users out of their smartphone without encrypting their data. What it actually does upon installation is display a ransom note over every other window, for instance when a user opens an application or switches from one application to another.


This ultimately blocks users from accessing the device to a level where they can’t perform any function on the screen other than reading the ransom note. The note threatens that unless victims pay, their phone and browsing data, which supposedly breaks the law, will be shared with local police. This is merely blackmail to get money out of the victim.

Ransom note (Image credit: Microsoft)

However, a noticeable addition in this ransomware is that it incorporates an open-source machine learning module designed for context-aware cropping of its ransom note. To explain how sophisticated this ransomware is, Dinesh Venkatesan from Microsoft Defender Research Team wrote in a blog post that:

This ransomware family’s long history tells us that its evolution is far from over. We expect it to churn out new variants with even more sophisticated techniques. In fact, recent variants contain code forked from an open-source machine learning module used by developers to automatically resize and crop images based on screen size, a valuable function given the variety of Android devices.

If you are an Android user, the best way to protect your device from such threats is to stop downloading apps from third-party stores. Also, take extra precautions while downloading an app from the Play Store, since nasty malware like Joker has already made it to the Store.

Simply put: don’t download unnecessary apps, keep your phone updated, run regular scans with reliable anti-malware software, and, last but not least, perform regular backups in case anything happens to your device.

