Your PIN code might keep your phone’s contents from other people, but even it isn’t safe from a new piece of ransomware capable of hijacking the safety measure on Android devices.
A group of researchers have discovered what is believed to be the first example of malware that can reset the PIN code on a device and lock the owner out of their own phone.
The ransomware, identified as “Android/Lockerpin.A,” leaves a user locked out of their device with no recourse to regain access. If the user doesn’t have a preemptive defense against the attack, such as root privileges or a security management solution installed on the device, the only option is complete factory reset that would delete all data on the phone.
Once the malicious locker is installed on the phone, it changes the PIN for unlocking the device. Shortly after, users will be presented with a fake warning message from the FBI. The alert tells the victim they must pay a $500 penalty for viewing and downloading pornographic material.
Previous lock screen attacks simply took over the lock screen itself but could be overridden by rebooting in Safe Mode and uninstalling the offending application or using Android Debug Bridge, a command line utility within the Android operating system.
The new bit of ransomware takes an extra precaution to prevent such a simple defeat by preserving its own administrator privileges on the infected device, making it next to impossible to simply uninstall it. The trojan will reactivate itself if disabled or present a phony overlay that states deactivating it is forbidden.
Android/Lockerpin.A has primarily been spotted in the United States, with over 75 percent of all confirmed cases occurring within the country. The malware is not obtained through the Google Play Store but rather from third party markets.
If you’re worried about being left vulnerable to the latest mutation of lock screen ransomeware, Android app ESET Mobile Security can detect and help prevent against the threat.
H/T WeLiveSecurity | Illustration by Max Fleishman