Android ransomware DoubleLocker encrypts data and changes PINs

Security researchers at ESET have discovered a new kind of ransomware infecting Android phones on a level nobody's ever seen before. Called DoubleLocker, the exploit encrypts the data on the infected device and then changes its PIN number, preventing victims from accessing their devices, unless they pay the ransom demanded by hackers.

The malware installs itself as the default Android launcher, the piece of software that controls the look and feel of the device and how apps and widgets launch, and essentially creates an invisible shortcut that activates itself whenever the home button is pressed.

"Its payload can change the device's PIN, preventing the victim from accessing their device and encrypts the victim's data," said Lukáš Štefanko, the malware researcher at security firm ESET who discovered DoubleLocker. "Such a combination hasn't been seen yet in the Android ecosystem. "DoubleLocker misuses Android accessibility services, which is a popular trick among cybercriminals."

"Given its banking malware roots, DoubleLocker may well be turned into what could be called ransom-bankers. Two-stage malware that first tries to wipe your bank or PayPal account and subsequently locks your device and data to request a ransom… Speculation aside, we spotted a test version of such a ransom-banker in the wild as long ago as May, 2017," comments Lukáš Štefanko, the ESET malware researcher who discovered DoubleLocker.

Read more -here-

• Disney+, Hulu and Max team up for streaming bundle package
• OpenAI is reportedly working on a search feature for ChatGPT
• TikTok, ByteDance sue to block US law seeking sale or ban of app
• OpenAI partners with Stack Overflow to make models better at coding
• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts