MICROSOFT WARNS ANDROID USERS NOT TO DOWNLOAD APPS
New MalLocker.B ransomware is currently spreading via online forums and third-party websites
Over time, Android ransomware strains have misused various functions of the Android operating system to keep users locked on their home screen.
Previous techniques included misusing the system alert window or disabling the functions associated with the phone’s physical buttons.
The ransomware uses a two-part mechanism to display its ransom note.
The first part abuses the “call” notification. This is the feature that is activated for incoming calls to show details about the caller, and MalLocker.B uses it to display a window that covers the entire area of the screen with details about the incoming call.
The second part abuses the “onUserLeaveHint()” function. This function is called when users want to put an app in the background and switch to a new app. It is triggered when buttons such as “Home” or “Recent” are pressed. MalLocker.B abuses this feature to bring its ransom note back to the foreground and prevent the user from leaving the ransom note for the home screen or another app.
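A static triage heuristic for the two-part mechanism described above, as an added example that is not from the original article or from Microsoft: it flags decompiled Java sources that combine a call-category full-screen notification with an onUserLeaveHint() override that relaunches an activity. The names setCategory, CATEGORY_CALL, setFullScreenIntent and startActivity are Android API names assumed here to correspond to the article's description, and the sample sources are constructed.

```python
import re

# Assumed API names for the article's two behaviours; only onUserLeaveHint()
# is named in the article itself.
CALL_CATEGORY = re.compile(r'setCategory\(\s*(?:"call"|(?:\w+\.)?CATEGORY_CALL)\s*\)')
FULLSCREEN = re.compile(r'\bsetFullScreenIntent\s*\(')
LEAVE_HINT = re.compile(r'\bvoid\s+onUserLeaveHint\s*\(\s*\)\s*\{')
RELAUNCH = re.compile(r'\bstartActivity\s*\(')


def method_body(src, open_brace):
    """Text between the brace at index open_brace and its matching brace."""
    depth = 0
    for i in range(open_brace, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_brace + 1:i]
    return src[open_brace + 1:]  # unbalanced decompiler output: take the rest


def triage(sources):
    """sources maps file name -> decompiled Java text; returns findings."""
    notif = [n for n, s in sources.items()
             if CALL_CATEGORY.search(s) and FULLSCREEN.search(s)]
    relaunch = [n for n, s in sources.items()
                if any(RELAUNCH.search(method_body(s, m.end() - 1))
                       for m in LEAVE_HINT.finditer(s))]
    return {"call_fullscreen_notification": notif,
            "leave_hint_relaunch": relaunch,
            "suspicious": bool(notif and relaunch)}


# Constructed samples, not taken from any real app.
DIALER = {"CallUi.java": 'b.setCategory("call"); b.setFullScreenIntent(p, true);'}
PLAYER = {"Player.java": "protected void onUserLeaveHint() { enterPip(); }\n"
                         "void open() { startActivity(i); }"}
FLAGGED = {"N.java": "b.setCategory(Notification.CATEGORY_CALL)"
                     ".setFullScreenIntent(p, true);",
           "A.java": "protected void onUserLeaveHint() { startActivity(i); }"}

if __name__ == "__main__":
    for label, app in (("dialer", DIALER), ("player", PLAYER), ("flagged", FLAGGED)):
        print(label, triage(app))
```

Each behaviour on its own is legitimate (a dialer posts call notifications, a video player reacts to onUserLeaveHint()), so only the combination is flagged. The brace matching does not account for braces inside string literals or comments.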
Abusing these two features is a never-before-seen trick, but ransomware that hijacks the home button has been seen before.
For example, in 2017, ESET discovered an Android ransomware strain named DoubleLocker that abused the Accessibility service to re-activate itself after users pressed the Home button.
Since MalLocker.B contains code that is too simplistic and loud to make it past Play Store reviews, users are advised to avoid installing Android apps they downloaded from third-party locations such as forums, website ads, or unauthorized third-party app stores.