First Android Pin-locking Ransomware Targeting Users in North America

By   ISBuzz Team
Writer , Information Security Buzz | Sep 17, 2015 06:15 pm PST

Android Ransomware #LockerPINLockerPIN sets or changes the device’s PIN lock, unbeknownst to the user as it locks the screen and demands a $500 ransom.

Researchers from ESET, a global leader in IT security for more than two decades, have discovered in the wild the first Android PIN-setting ransomware.

“Based on ESET’s LiveGrid® statistics, the majority of the infected Android devices are in the USA with a complete percentage share of over 75%,” says ESET’s Detection Engineer Lukáš Štefanko. “This is part of a trend where Android malware writers are shifting from mostly targeting Russian and Ukrainian users to Americans where they can arguably make higher profits.”

LockerPIN spreads via unverified third party app stores, warez forums and torrents. After a successful installation, the Trojan horse tries to obtain Device Administrator privileges by overlaying the system message with its own window and masquerading as an “Update Patch Installation.”

Currently, even if the Trojan is removed, for unrooted devices that aren’t protected by a security solution, there is no simple way to change the PIN except for a factory reset. This however results in loss of all data.  To add insult to injury, even if the user decides to pay the ransom, the attackers cannot unlock the device as the PIN is set randomly.

To prevent infection, ESET strongly advises for using an Internet security solution, such as ESET Mobile Security designed specifically for Android smartphones and tablets, to back up regularly and to download apps only from certified app stores, such as Google Play or Amazon App Store.

“You can save a few dollars by downloading the application from unverified sources, but always keep in mind, it can result in data or privacy loss, usually of a much bigger emotional or financial value,” adds  Štefanko.

In response to the discovery Kevin Epstein, VP of Advanced Security and Governance at Proofpoint has the following comments :

“As the trend towards mobile computing and BYOD continues, malicious actors will exploit this vector, just as email and social media have been used for targeted attacks. Clearly, there’s a need for targeted attack protection for mobile. Proofpoint’s research on ‘The Human Factor’ suggests everyone clicks; the social engineering component of this attack, wherein devices are compromised because a user allows the malware administrative rights, suggests mobile users are just as vulnerable as laptop users. The solution: don’t click on anything that you don’t understand.”

About ESET

Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires.

About Proofpoint, Inc.

Proofpoint Inc. (NASDAQ:PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance, and secure communications. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x