Security experts have warned about a new form of banking malware that is targeting Android devices.
The malware, named DoubleLocker, is a banking trojan that encrypts data on infected devices, locking the victim out of their smartphone or tablet by changing the PIN. The only way to regain access is by paying a ransom.
What makes DoubleLocker particularly bad is that the malware is activated every time the user presses the Home Button.
“Given its banking malware roots, DoubleLocker may well be turned into what could be called ransom-bankers,” said ESET researcher Lukáš Štefanko who discovered the new malware.
“Two-stage malware that first tries to wipe your bank or PayPal account, and subsequently locks your device and data to request a ransom.”
According to ESET, DoubleLocker is spread through third party websites and app stores is disguised as an update to Adobe Flash Player.
Once installed it grants itself administrator rights on the infected device.
“Whenever the user clicks on the home button, the ransomware gets activated and the device gets locked again. Thanks to using the accessibility service, the user doesn’t know that they launch malware by hitting ‘Home,’” Štefanko wrote in a blog post.
It then changes the victim’s PIN code meaning it is impossible to regain access to the device. Users are then prompted to pay a ransom in order for the infected device to be unlocked.
If your smartphone has been infected with DoubleLocker the only way to get rid of it is by performing a factory reset of your device.
How to protect your smartphone from Android malware
– Don’t open any links or files you do not recognise
– Never install apps outside of the Google Play Store
– Make sure you install the latest updates on your device
– Install an antivirus app on your device and make sure you keep it updated