
Promise of ‘higher profits’ sees US targeted by Android PIN-locking ransomware

You get infected, it’s a factory reset, sorry

Android PIN-locking ransomware, which – unbeknown to the user – changes a device's login code, is targeting mobile phone users in North America, leaving victims with a locked screen and a demand for $500.

However, since the PIN is reset randomly, even complying with these extortionate demands won’t do any good: not even the attackers know the changed code, security researchers at Bratislava-based IT security company ESET warn.

ESET said the threat, which it dubbed LockerPIN, is already in circulation. The malware is spreading via a combination of unverified third-party app stores, warez forums, and torrents.

“Based on ESET’s LiveGrid statistics, the majority of the infected Android devices are in the USA with a complete percentage share of over 75 per cent,” said ESET’s detection engineer Lukáš Štefanko.

“This is part of a trend where Android malware writers are shifting from mostly targeting Russian and Ukrainian users to Americans where they can arguably make higher profits,” he added.

After a successful installation, the trojan horse tries to obtain Device Administrator privileges by overlaying the system message with its own window and masquerading as an “Update patch installation”.

Even if the trojan is removed, for unrooted devices that aren’t protected by a security solution, there is no simple way to change the PIN except for a factory reset.

This works, but at the cost of losing all data held on a compromised device. It’s not clear how many victims, if any, are caving in to the extortionate demands. The high asking price might make this relatively rare. ®
