Fake Adobe Flash Player Ransomware Infecting Android Phones Through Google Play Service
ESET security researchers have discovered a new type of ransomware infecting Android smartphones. The bug is called DoubleLocker and it encrypts data of the infected device and it changes its PIN number. Victims find themselves locked out of their smartphone and they need to pay a ransom in order to gain back access. This could be another reason not to install Adobe Flash Player on an Android smartphone.
The hack posts a threat to all Android devices because it does not require a rooted phone in order to gain extra access for the hacker to run a code. The effects are pretty severe and the user is locked out of their device.
Researchers have explained it is the first time such a malware has been created for Android devices. It combines both data encryption and PIN changes.
How it starts
The hack is distributed through fake Adobe Flash Player downloads. The ransomware shared on compromised websites installs itself when users give it access from the Google Play Service.
The DoubleLocker installs itself and it becomes the default Android launcher The Android launcher is the mains software which is in charge of controlling the look and feel of the device and how the apps launch.
Android users can know their files are infected if they see a chrome extension at the end of the file. The ransomware changes the device’s PIN number and it also no leaves no digital trail. Users have no option of getting back their PIN, it can only be reset by hackers.
Hackers give Android users 24 hours to pay 0.0130 Bitcoin if they want access to their phone. The only way of removing DoubleLocker is by performing a factory reset, which will erase all files.