AndroidOS/MalLocker.B is the newest member of a ransomware family that has a long history of holding Android smartphones for ransom. Learn how MalLocker.B works and what you can do to keep your device safe.
There’s a new troublemaker in town. Its name is AndroidOS/MalLocker.B.
MalLocker.B is the youngest but shrewdest member of a ransomware family that has a long history of holding Android devices for ransom. Like most other mobile ransomware programs, it does not encrypt victims’ files. Instead, it uses several new tricks to render the phone unusable, making it one of the most advanced mobile malware programs around.
Here’s what you need to know to keep your phone safe from the malevolent MalLocker.B.
A Family History Only Hackers Would Be Proud Of
MalLocker.B is the latest variant in a family of Android ransomware that is continually evolving. Like its predecessors, MalLocker.B displays a ransom note that covers the entire screen of infected devices. Everything underneath it cannot be seen or accessed, preventing victims from using their phones.
Typically, the hackers design the ransom note so that it looks like a notice from a local police department. It informs the victims that they committed a crime and must pay a fine, after which it provides instruction on how to do so.
In the past, cybercriminals created the ransom note by hacking the functionality behind the system alert window. The system alert window was always displayed in the foreground because it was designed to notify users about system alerts and errors. This made it ideal for the hackers’ purpose.
Eventually, Google developers made several changes to the Android operating system that eliminated the threat from this attack vector. This prompted the hackers to start using other techniques to create the ransom note (e.g., abusing Android’s accessibility services), but they weren’t as effective.
In October 2020, a new MalLocker.B variant appeared. It is the most evolved Android malware to date, according to the Microsoft researchers who found it. The ransomware:
“This new mobile ransomware variant is an important discovery because the malware exhibits behaviors that have not been seen before and could open doors for other malware to follow,” according to the researchers.
What You Can Do to Protect Your Mobile Device from MalLocker.B
Although the way in which MalLocker.B displays its ransom note is unique, its distribution method is not. Cybercriminals typically hide it in video players, pirated versions of popular commercial apps, and cracked games, which they hawk in online forums and host on third-party websites.
Therefore, if you want to protect your device from MalLocker.B, you should install apps only from official app stores like Google Play. Although malicious programs sometimes find their way into these stores, the risk is much greater if you download apps from other sites.
Before you install a program from an official app store, though, you should:
Finally, when you are installing a program, pay attention to the permissions. Be wary of any app that asks for permissions that seem excessive for what the program does. For example, one of MalLocker.B’s predecessors needs a special permission. To give it, you have to go through several screens and accept a warning that the app will be able to monitor your activity through Android’s accessibility services. Warnings like this should raise a red flag.