As usual, it seems that on many occasions cyberattacks are a step ahead of the security companies when it comes to protecting our devices, something that this new discovery demonstrates once again.
This is DoubleLocker, a ransomware-type malware for Android that not only encrypts the personal files on the device but also changes its access code, so that we cannot fix it on our own. The name says it all: the new malware performs both malicious actions against the user, which makes the attack even harder to evade.
The ransomware was discovered by security researchers at ESET, and it is the first ransomware that abuses Android's accessibility feature, which implements alternative ways of interacting with a mobile device. Accessibility services have been abused by other types of malicious software such as trojans and adware, but nothing like DoubleLocker had been seen before.
DoubleLocker, malware that encrypts the data and changes the PIN of the device
It has its roots in banking malware, and it is worth mentioning that the cybercriminals began to spread this malicious code as a fake Adobe Flash update through compromised websites and applications.
Once the victim has launched the app, it requests activation of the accessibility service. Once the malicious code has obtained these permissions, it uses them to activate device administrator rights and to set itself as the Home application without the user's consent.
In this way, each time the user presses the Home button, the ransomware is activated and the device is locked again; thanks to the use of the accessibility service, the user does not know that pressing the Home button launches the malware. The first thing DoubleLocker does is change the access PIN to a random value that the scammers neither know nor store anywhere. At the same time, it encrypts all the files, each one with the AES encryption algorithm.
The encryption process has no errors, which makes it impossible to recover the files without receiving the encryption key from the crooks. The ransom is about US $75, and payment must be completed in less than 24 hours. Therefore, and as always, the best way to protect our device is to install apps only from trusted stores like Google Play and to pay attention to the "reputation" of the developers.
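The three capabilities described above (an accessibility service, device administrator rights and the Home application role) each have to be declared in an app's manifest, so a decoded AndroidManifest.xml can be screened for the combination before installation. The Python check below is an added example, not code from ESET or from the original article; it assumes the manifest is already in text form (for instance from a decoder such as apktool), and the sample manifest with its package and class names is constructed.

```python
import xml.etree.ElementTree as ET
ANDROID = "{http://schemas.android.com/apk/res/android}"

def _names(parent, tag):
    """android:name values of the <action>/<category> children of one element."""
    return {e.get(ANDROID + "name") for e in parent.findall(tag)}

def _declares(component, permission, action):
    """True if the component is guarded by `permission` and handles `action`."""
    return (component.get(ANDROID + "permission") == permission and
            any(action in _names(f, "action") for f in component.findall("intent-filter")))

def audit_manifest(xml_text):
    """Return which of the three capabilities from the article a manifest declares."""
    app = ET.fromstring(xml_text).find("application")
    found = set()
    if app is None:  # manifest without an <application> element
        return found
    if any(_declares(s, "android.permission.BIND_ACCESSIBILITY_SERVICE",
                     "android.accessibilityservice.AccessibilityService")
           for s in app.findall("service")):
        found.add("accessibility_service")
    if any(_declares(r, "android.permission.BIND_DEVICE_ADMIN",
                     "android.app.action.DEVICE_ADMIN_ENABLED")
           for r in app.findall("receiver")):
        found.add("device_admin")
    for f in app.findall("activity/intent-filter"):
        if ("android.intent.action.MAIN" in _names(f, "action") and
                "android.intent.category.HOME" in _names(f, "category")):
            found.add("home_launcher")
    return found

def has_all_three(xml_text):
    return len(audit_manifest(xml_text)) == 3

# Constructed sample manifest (hypothetical package and class names).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakeupdate">
 <application>
  <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
   <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
  </service>
  <receiver android:name=".Adm" android:permission="android.permission.BIND_DEVICE_ADMIN">
   <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
  </receiver>
  <activity android:name=".Main">
   <intent-filter><action android:name="android.intent.action.MAIN"/>
    <category android:name="android.intent.category.HOME"/></intent-filter>
  </activity>
 </application></manifest>"""
```

Legitimate launchers, accessibility tools and device management apps each declare one of these components, so it is the combination of all three in something presented as a Flash update that marks an app for review.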