Android ransomware hijacks the Home button

Discussion in 'Headline News' started by RickAgresta, Oct 10, 2020.

  1. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    Likes Received:
    Trophy Points:
    Microsoft warns of Android ransomware that activates when you press the Home button

    New MalLocker.B ransomware is currently spreading via online forums and third-party websites

    A new strain of mobile ransomware abuses the mechanisms behind the "incoming call" notification and the "Home" button to lock screens on users' devices.

    Named AndroidOS/MalLocker.B, the ransomware is hidden inside Android apps offered for download on online forums and third-party websites.

    Just like most Android ransomware strains, MalLocker.B doesn't actually encrypt the victim's files but merely prevents access to the rest of the phone.

    Once installed, the ransomware takes over the phone's screen and prevents the user from dismissing the ransom note — which is designed to look like a message from local law enforcement telling users they committed a crime and need to pay a fine.

    Image: Microsoft
    Ransomware posing as fake police fines has been the most popular form of Android ransomware for more than half a decade now.

    Across time, these malware strains have abused various functions of the Android operating systems in order to keep users locked on their home screen.

    Past techniques included abusing the System Alert window or disabling the functions that interface with the phone's physical buttons.

    MalLocker.B comes with a new variation of these techniques.

    The ransomware uses a two-part mechanism to show its ransom note.

    The first part abuses the "call" notification. This is the function that activates for incoming calls to show details about the caller, and MalLocker.B uses it to show a window that covers the entire area of the screen with details about the incoming call.

    The second part abuses the "onUserLeaveHint()" function. This function is called when users want to push an app into the background and switch to a new app, and it triggers when pressing buttons like Home or Recents. MalLocker.B abuses this function to bring its ransom note back into the foreground and prevent the user from leaving the ransom note for the home screen or another app.

    The abuse of these two functions is a new and never-before-seen trick, but ransomware that hijacks the Home button has been seen before.

    For example, in 2017, ESET discovered an Android ransomware strain named DoubleLocker that abused the Accessibility service to re-activate itself after users pressed the Home button.

    Since MalLocker.B contains code that is too simplistic and loud to make it past Play Store reviews, users are advised to avoid installing Android apps they downloaded from third-party locations such as forums, website ads, or unauthorized third-party app stores.

    link to full article:
    scjjtt, headcronie, Hook and 2 others like this.
  2. lelisa13p

    lelisa13p Your Super Moderator Super Moderator

    Likes Received:
    Trophy Points:
    Well, that's pretty crappy. :vbmad: Glad I'm an Apple Girl. :vbsmile:
  3. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Likes Received:
    Trophy Points:
    3rd party websites and forums. That's the sticking point right there. Much like downloading software for Macs and PCs from unknown sources. If ya got half a brain on your shoulders, this won't be a problem. :) If it gets into the Play Store undetected, then there's a problem.

Share This Page