Researchers at Norton by Symantec have discovered a new variant of Android ransomware that is displayed on the lockscreen’s user interface (UI). This threat, Android.Lockdroid.E, creates a lockscreen that appears more sophisticated and official by displaying fraudulent legal notices coupled with personal information gathered from the device. By using the information collected, the ransomware makes the ransom notice appear personally tailored to the victim. The malware also uses this flaw to display the personal data that it collects through an easy-to-access, official-looking menu. These elements help the ransomware intimidate the victim into making the payment.
Android.Lockdroid.E compromises devices in one of two ways:
- The user downloads a free software package to their device, which includes a popular browser hijacker. This hijacker then redirects the victim’s search results to compromised sites hosting the Android ransomware.
- The ransomware is disguised as a legitimate video app and is made available on unofficial app stores.
Once the Trojan has gained access to the device and is executed, it collects as much personal information as it can upon launch. The sensitive information that is collected includes call records, SMS activity, and browser history. Once the information is collected, the threat locks the device from use, using the new ransom notice on the lockscreen. The ransom notice then claims that the user has accessed prohibited content and that their device logs are in law enforcement’s custody.
Android.Lockdroid.E is not present on or spread through the Google Play store, and is another example of why users should only download Android apps from a trusted source.
How To Stay Safe From This Threat
- Keep your device’s software up to date.
- Do not download apps from untrusted and unfamiliar sites.
- Pay close attention to the permissions requested by an app. If it seems illogical that an app would request access to a part of the phone not needed for the app to function, such as a flashlight app requesting access to your address book, you might want to think twice about downloading that app.
- Install a suitable mobile security app, such as Norton and Norton Halt, which is a first responder app that alerts you about the latest, breaking security vulnerabilities and exploits in order to protect your device and data.
- In the event that ransomware strikes, make sure you have made frequent backups of important data.