Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Scam of the Week – DoubleLocker Android Ransomware

Cyber Criminals have been busy devising an innovative ransomware scam that attacks Android accessibility services. The hack is based on the foundations of a banking Trojan, which they leverage to extort money from its victims with experts reporting that these attacks include a combination previously unseen in the Android ecosystem.

DoubleLocker is the first known Android ransomware that both encrypts the user’s files and locks the device by changing its PIN. Double trouble, hence the name. Derived from a long-established banking malware family, experts expect the malware to attempt to steal money directly from your bank account and then to make an additional profit from you via ransom. This is what is being called a ransom-banker.

This scam goes to show the lengths cyber criminals will go to. The accessibility service is a feature of the Android operating system aimed at helping users with disabilities. Unfortunately, this service also poses a high security risk. It enables applications to perform actions like clicking on buttons in dialog boxes and system menus on the users’ behalf. In the case of malware, this is often done without their knowledge.

DoubleLocker spreads in a similar way to its banking parent. By and large it is distributed as a fake Adobe Flash Player through websites that have been compromised. Upon launch, the app requests activation of the malware’s accessibility service – Google Play. Once accessibility permissions are given, they are used to activate device administrator rights and set itself as the default home application. In both these instances without the user’s knowledge.

By setting itself as a default home app it makes users more susceptible. This means that when the user clicks on the home button, the ransomware is activated and the device locked once again. All the while, the user remains unaware that they are launching malware by tapping the home button.

The ransom has been set at 0.0130 Bitcoin (approx. $54) and the ransom states that it must be paid within 24 hours. This kind of attack serves as a reminder for us all to have a secure anti-virus software installed on all devices and to run regular backups to prevent data loss.

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

UK GDPR Series Available Now

Privacy is an ongoing concern for every organisation, however, the notion of consent isn’t without its complications. To help organisations navigate data protection protocols, we
Read More »

Seasonal Phishing Templates

Phishing is a year-round activity for cybercriminals, and just like retailers, they use seasonal events as an opportunity to cash in. Seasonal occasions, including St
Read More »

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations