U.S. smartphone users primary targets in Android ‘Lockerpin’ attacks
Thu 10 Sep 2015
In a week which has turned critical eyes toward Android security, a new aggressive ransomware has been discovered which seizes control over smartphones by changing PIN codes.
Researchers ESET identified the malware in device attacks across North America and interestingly noted that even hackers administering ‘Lockerpin’ were incapable of unlocking the breached phones.
“Based on ESET’s LiveGrid statistics, the majority of the infected Android devices are in the USA with a complete percentage share of over 75 percent,” said Lukáš Štefanko, detection engineer at ESET. “This is part of a trend where Android malware writers are shifting from mostly targeting Russian and Ukrainian users to Americans where they can arguably make higher profits,” he continued.
As with the majority of smartphone bugs the ‘Lockerpin’ malware is distributed through dubious third-part app stores, torrents and forums. Once the malware has tricked the user into downloading the application, it attempts to increase its administrator privileges by impersonating system message updates.
On installation, Lockerpin alters the smartphone’s PIN code, demanding a ransom payment of $500 (approx. £300) for allegedly viewing forbidden pornographic material. If the target decides to pay the ransom, their bad luck doesn’t stop there – not even the attackers are able to unlock the phone. ESET warned that for “unrooted devices that aren’t protected by a security solution, there is no simple way to change the PIN except for a factory reset.”
Previous lock screen Trojans were easily thwarted by the tech-savvy user regaining admin rights. However, ESET points out that Lockerpin is more sophisticated, employing uninstallation self-defence measures, requiring Android Debug Bridge (ADB) or safe mode to deactivate.
Earlier this week a further strain of Android ransomware was discovered by researchers at zScaler, which monitors screen-unlock attempts to activate a smartphone’s camera to incorporate a photo of the target into its blackmail tactics.