New Android Ransomware Encrypts Victim's Device And Changes The PIN!!


Cybercriminals have come up with a new form of Android ransomware that encrypts the victim's data and changes the PIN of the device, making it almost impossible for the victim to get back the files on the device without paying a ransom.


According to ESET security researcher Lukas Stefanko, the ransomware, which they dubbed "DoubleLocker", spreads as a fake Adobe Flash update through compromised websites.

Once the fake Adobe Flash app is installed on the device, it asks the user to enable an accessibility service named "Google Play Services". Once the malware has these accessibility permissions granted, it uses them to activate device administrator rights and then set itself as the default Home application, all without the user's consent. This means that the user will see a ransom note the next time they go to their home screen.


"Setting itself as a default home app -- a launcher -- is a trick that improves the malware's persistence," said Lukas Stefanko, the ESET researcher who discovered the DoubleLocker malware. "Whenever the user clicks on the home button, the ransomware gets activated and the device gets locked again. Thanks to using the accessibility service, the user doesn't know that they launch the malware by hitting home."
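To check a device for the launcher and accessibility-service abuse described above, here is an added triage script (not ESET's code or anything from the original post) that parses the output of two adb commands; the package names, service names, sample outputs and allowlist in it are constructed assumptions, not indicators from the page.

```python
"""Triage helper for the DoubleLocker technique: who holds the accessibility
and default-launcher roles on an Android device?

Assumed inputs are the raw text of two adb commands (run separately):
  adb shell settings get secure enabled_accessibility_services
  adb shell cmd package resolve-activity --brief \
      -c android.intent.category.HOME -a android.intent.action.MAIN
The sample outputs below are constructed for illustration."""

# Package prefixes normally allowed to hold these roles (constructed allowlist).
TRUSTED_PREFIXES = ("com.android.", "com.google.android.")

# Constructed sample output: one legitimate service and one impostor.
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.fake.flashupdate/.GooglePlayService")
SAMPLE_HOME = ("priority=0 preferredOrder=0 match=0x108000 isDefault=true\n"
               "com.fake.flashupdate/.LockActivity\n")

def parse_accessibility_services(raw):
    """Return [(package, service_class)] from the colon-separated setting."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    return [tuple(entry.partition("/")[::2]) for entry in raw.split(":")]

def parse_home_resolver(raw):
    """Return (package, activity) for the default HOME activity, or None."""
    for line in raw.splitlines():
        line = line.strip()
        if "/" in line and not line.startswith("priority="):
            pkg, _, act = line.partition("/")
            return (pkg, act)
    return None

def is_trusted(pkg):
    return pkg.startswith(TRUSTED_PREFIXES)

def triage(a11y_raw, home_raw):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    for pkg, cls in parse_accessibility_services(a11y_raw):
        if not is_trusted(pkg):
            findings.append(f"untrusted accessibility service: {pkg}/{cls}")
        # DoubleLocker's service borrows the Google Play Services name.
        if "GooglePlay" in cls and pkg != "com.google.android.gms":
            findings.append(f"service impersonates Google Play Services: {pkg}/{cls}")
    home = parse_home_resolver(home_raw)
    if home and not is_trusted(home[0]):
        findings.append(f"untrusted default launcher: {home[0]}/{home[1]}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_A11Y, SAMPLE_HOME):
        print("FINDING:", finding)
```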


The DoubleLocker ransomware compels the user of the compromised device to pay by changing the device's PIN so as to completely block the owner's access. Next, the malware encrypts all the files on the device's primary storage using the AES encryption algorithm, so that the files can only be retrieved with the key.

The cybercriminals behind DoubleLocker demand that the victim pay a ransom of 0.0130 Bitcoins - about $73 (though it's likely to increase beyond that as Bitcoin gains value). Along with the 0.0130 Bitcoin demand, the attackers also set a 24-hour deadline for the victim to pay or lose everything on the device.

Android users who perform regular backups can do a factory reset and then restore their backup onto their device.



This Android ransomware is based on a banking trojan, so account-compromising functionality might be added to it soon.

