Microsoft warns Android users about MalLocker Ransomware

Nithin Chowdary

October 13, 2020

Microsoft has warned all Android users about new ransomware, which is believed to be a version of the known Android ransomware family named "MalLocker.B." It locks the device behind a ransom note by taking advantage of incoming call notifications and Android's Home button. It includes a new feature that delivers the ransom demand on infected devices and an unintelligible mechanism to evade security solutions. MalLocker was hosted on online forums and websites using several social engineering techniques by disguising popular apps, cracked games, or video players. As this earlier Android ransomware that exploits, the accessibility features called "SYSTEM_ALERT_WINDOW" to display the ransom note on top of all other screens was detected by anti-malware software. In the MalLocker.B version, this is achieved through a completely new technique. The "call" notification that alerts the user about incoming calls is used to display a window covering the entire screen area and combine it with a Home or recent keypress to trigger the ransom note. The ransomware code is unclear and made unreadable by using meaningless variable names and junk code to prevent analysis. This variant of ransomware is essential because this behavior has not been seen before and could open doors for other malware to follow.

Abridged fromCybersafe