Android gadgets are threatened by the first screen-lock scrambler

16 October 2017
ESET discovered another encryption Trojan that threatens Android gadgets. The new threat is named DoubleLocker and has one unpleasant feature that makes the malware more dangerous than many of its predecessors.According to information published by ESET specialists, the new malware has a combination of features not previously seen in the Android ecosystem. The fact is that DoubleLocker is based on a banking Trojan for Android gadgets. Despite that, it lacks the usual functions of gathering users' banking data for this type of threat. Instead, the Trojan can encrypt files and change the PIN code of a smartphone or tablet to a random one. After penetrating the victim's device, DoubleLocker requests activation of a malicious special features service called Google Play Service, and after receiving the appropriate permissions, it activates administrator rights and installs itself as the default launcher. At the same time, all files in the main storage of the gadget are encrypted using the AES algorithm and have the extension .cryeye. It is reported that to resume access to its data, the malware requires the user to pay a ransom of 0.0130 bitcoin, which corresponds to about 4000 rubles. In this case, the payment must be made within 24 hours, otherwise all the information on the gadget will remain encrypted. It is worth adding that, like its predecessors, DoubleLocker penetrates victims' gadgets under the guise of Adobe Flash Player through compromised sites. Therefore, all Android gadget owners are advised not to download files from unverified sites and install a reliable antivirus, for example, ESET Mobile Security & Antivirus, Kaspersky Antivirus & Security or Avast.