A new case of ransomware Android Posted by Cyber ​​Security Group MicrosoftIt is a virus that attacks a mobile phone by turning off the screen so that the user presses the start button and goes hack, in fact, it has also been found that it can be activated when a call is answered.

is the name of the malware AndroidOS / MalLocker.B And it is distributed over the network because it allows the victim’s data to be taken so that the cybercriminal can demand the ransom.

In its report, the company defined it as a sophisticated attack that is “a newer variant of a family of ransomware that has been around for some time but has been constantly evolving.”

Malware is found on arbitrary websites (which do not monitor or verify the content they upload) and spreads on forums using various baits, such as disguises of popular apps, pirated games or video players.

You may be interested in:

Attack when answering a call

It is the basis of crime Malloker.B This is a mechanism that allows to attack the system and lock the screen so that later, when the user has to press the start button or answer the call, the attack can take place.

Once infected, a ransom note is issued, which the user cannot bypass, as the attack blocks a function called ‘onUserLeaveHint()’, which is commonly used to switch between applications on mobile phones. Denial prevents the victim from dropping a note demanding payment to recover their data.

This system is a development of an older form of attack that used a special permission Android Called “SYSTEM_ALERT_WINDOW”, it placed a message that could not be closed on the phone’s home screen demanding a ransom to steal mobile phone data.

Initially, this feature was used to report a problem on mobile, but cybercriminals have taken advantage of it to communicate with victims. Google Changes made to remedy the situation and prevent it from being used as an attack weapon.

“The new variant of Android ransomware overcomes these barriers by evolving further than any malware we’ve seen before,” the company said.

You may be interested in:

In addition, in the report, they emphasize that using two basic actions, such as pressing the start or lock button and answering a call, makes the user feel more secure in what they are doing, than other more invasive methods, such as requesting access. on device permissions that alert the victim to the need to perform several steps to consolidate the attack, causing the person to uninstall the app and kill the threat before it can execute.

Instead, this ransomware “creates a special type of message that disables the ransom screen” with basic, everyday actions.

To avoid falling into this situation, one of the most important recommendations is to always download any application directly Google Play Store And not from forums or external pages, because this is where this type of virus spreads, which has the ability to download without meeting security requirements, such as those required by the Android store.

Continue reading: