New Android Ransomware out: Pay $500 or Forced factory rest!

Page 1 of 1 [ 7 posts ] 

xenocity
Veteran
Veteran

User avatar

Joined: 8 Dec 2014
Age: 41
Gender: Male
Posts: 2,282
Location: Metro Detroit Michigan

10 Sep 2015, 10:05 pm

Quote:
http://arstechnica.com/security/2015/09/new-android-ransomware-locks-out-victims-by-changing-lock-screen-pin/

Dubbed Android/Lockerpin.A, the app first tricks inexperienced users into granting it device administrator privileges. To achieve this, it overlays a bogus patch installation window on top of an activation notice. When targets click on the continue button, they really grant the malicious app elevated rights that allow it to make changes to the Android settings. From there, Lockerpin sets or resets the PIN that unlocks the screen lock, effectively requiring users to perform a factory reset to regain control over the device. By contrast, earlier forms of Android ransomware generally were thwarted, usually by deactivating administrator privileges and then uninstalling the app after the infected device is booted into safe mode.

"After clicking on the button, the user's device is doomed," Lukas Stefanko, a researcher with antivirus provider Eset, wrote in a blog post published Thursday. "The trojan app has obtained administrator rights silently and now can lock [the] device—and even worse, it set[s] a new PIN for the lock screen. Not long after, the user will be prompted to pay a $US500 ransom for allegedly viewing and harboring forbidden pornographic material."


It's not on the Google Play Store yet.
You literally have to pay $500 or have your Android phone forced factory reset.


_________________
Something.... Weird... Something...


AsahiPto17
Velociraptor
Velociraptor

User avatar

Joined: 20 Oct 2013
Gender: Male
Posts: 476

10 Sep 2015, 10:07 pm

There has got to be a way around that with adb or something...



xenocity
Veteran
Veteran

User avatar

Joined: 8 Dec 2014
Age: 41
Gender: Male
Posts: 2,282
Location: Metro Detroit Michigan

10 Sep 2015, 10:11 pm

AsahiPto17 wrote:
There has got to be a way around that with adb or something...

Hasn't happened yet, in part because users are prompted to give it administrative approval.

Though it's not too big of a deal until it hits Googe Play Store, though this would require it to pose as something less X rated.


_________________
Something.... Weird... Something...


AsahiPto17
Velociraptor
Velociraptor

User avatar

Joined: 20 Oct 2013
Gender: Male
Posts: 476

12 Sep 2015, 2:28 am

Well, frankly, you'd have to be pretty stupid to give a porn app special privileges to your phone, I'm assuming it tries to get 'device manager' privs. The screenshot shows a "patching" screen that it overlays over the settings screen apparently. I know that at least in android lollipop it does not let you make any security changes while there is any kind of overlay for this very reason. Someone who would fall for that would most likely not have a clue how to fix it...



xenocity
Veteran
Veteran

User avatar

Joined: 8 Dec 2014
Age: 41
Gender: Male
Posts: 2,282
Location: Metro Detroit Michigan

12 Sep 2015, 3:06 am

AsahiPto17 wrote:
Well, frankly, you'd have to be pretty stupid to give a porn app special privileges to your phone, I'm assuming it tries to get 'device manager' privs. The screenshot shows a "patching" screen that it overlays over the settings screen apparently. I know that at least in android lollipop it does not let you make any security changes while there is any kind of overlay for this very reason. Someone who would fall for that would most likely not have a clue how to fix it...

It's called being a standard user!
This kind of an attack is called social engineering.


_________________
Something.... Weird... Something...


Noca
Veteran
Veteran

User avatar

Joined: 9 May 2015
Gender: Male
Posts: 3,932
Location: Canada

22 Sep 2015, 6:58 am

I often have to restore this piece of junk phone anyway. No big deal.



izzeme
Veteran
Veteran

User avatar

Joined: 4 Apr 2011
Age: 39
Gender: Male
Posts: 2,665

22 Sep 2015, 8:11 am

Factory reset it is.
there is a reason i keep everything i might want to keep in cloud backups...

Factory reset->login->"restore all data", yes->done.
Apps will be reinstalled manually, and i'd skip whatever ransomed me this time