Jump to content

Recommended Posts

Posted

Android.Lockscreen uses pseudo-random PIN codes to lock users out of their devices and request large sums of money

 

c2f82f6b8dd006bc1f8557eda9b03853.png

 

A previously unsophisticated Android ransomware that locks an Android device's screen has received new updates that make it impossible for security researchers to help victims unlock their devices.

 

Android.Lockscreen was a simplistic Android ransomware that appeared in March 2015. For a long period of time, this threat operated by setting a custom PIN code and showing a message on the user's screen, asking them to call a number for technical support.

 

Users calling this number would be tricked into paying for expensive "technical support" and would then receive the device's new PIN code.

 

Previous Android.Lockscreen versions could be removed

 

Security researchers that took a look at this threat soon realized that the ransomware's source code included the PIN code used to lock devices.

 

For many months, it was easy for security researchers to take a look at the latest Android.Lockscreen samples and extract the PIN code, passing it on to infected victims.

 

But the crooks caught on to their own mistake, and in recent versions, they changed the mechanism through which they generate the PIN code.

 

New versions use a pseudo-random PIN code

 

"Newer variants have eliminated the hardcoded passcode and replaced it with a pseudorandom number," Symantec's Dinesh Venkatesan writes.

"Some variants generate a six-digit number and some generate an eight-digit number."

 

Android.Lockscreen now uses the Java Math.random() function to generate a pseudo-random number, which it sets as the device's PIN code.

 

The ransomware is effective at locking the device only on older Android versions, prior to Google's Nougat release, which included protections to prevent calls for PIN/password resets from other apps, if the PIN was set by a user beforehand.

 

To prevent losing control over their Android smartphones, users should install apps only from trusted sources, like the Google Play Store, and pay attention to the permissions apps request upon installation.

Android.Lockscreen, by the operations it needs to carry out, will require a lot of intrusive permissions, such as the ability to lock the user's screen, change device settings, and overlay messages on top of other apps.

 

 

 

Source:

http://news.softpedia.com/news/android-ransomware-just-became-a-little-bit-more-sophisticated-508747.shtml

76c90dd0e79a714317a8daeecc1584d2.png

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...