Saturday, 12 September 2015

New Aggressive Android Ransomware Spreading Fast

LockerPIN sets or changes the device’s PIN lock, unbeknownst to the user as it locks the screen and demands a $500 ransom.

Researchers from ESET, a global leader in IT security for more than two decades, discovered in the wild the first Android PIN-setting ransomware . Based on ESET’s statistics, the majority of the infected Android devices is in the USA with a complete percentage share of over 75%. This appears to be part of a trend where Android malware writers are shifting from mostly targeting Russian and Ukrainian users to Americans where they can arguably make higher profits, with Europe expected to be next on the list.

LockerPIN spreads via unverified third party app stores, warez forums and torrents. After a successful installation, the trojan horse tries to obtain Device Administrator privileges by overlaying the system message with its own window and masquerading as an “Update patch installation.”

Currently, even if the trojan is removed, for unrooted devices that aren’t protected by a security solution, there is no simple way to change the PIN except for a factory reset. This however results in loss of all data. To add insult to injury, even if the user decides to pay the ransom, the attackers cannot unlock the device as the PIN is set randomly.

To prevent infection, ESET strongly advises for using an Internet security solution, such as ESET Mobile Security designed specifically for Android smartphones and tablets, to back up regularly and to download apps only from certified app stores, such as Google Play or Amazon App Store.

Read more about #LockerPIN on our blog and follow the evolving story on social media using hashtag #LockerPIN