Android Lockdroid Ransomware Uses Dropper and QR Code

An Android ransomware virus has been detected in the wild that combines several older techniques, reworked to achieve a successful infection.

The virus, also known as Lockdroid, uses a technique that is familiar but at the same time not very widespread: a dropper.

The infection starts with an app that the user installs from a third-party location and authorizes. The app then establishes a connection to a third-party host, from which the lockscreen malware is automatically dropped and executed, researchers report.

What is interesting about this case is that the app itself checks the root status of the device and, if it is not rooted, displays a screen with deceitful messages for the user to confirm. This screen gives the application permissions to act.

Once it has been administratively activated, the app unmounts and mounts the /system partition of the Android device and then copies the malicious APK (package) file for the ransomware into that very partition. Then the app changes the permissions of that APK file, which is the Lockdroid malware, so that it executes automatically. After this horrendous activity is complete, the app forces the device to restart and then locks its screen.

What is also interesting is that the app displays a 2D barcode on the lockscreen of the device, together with instructions on how to scan this barcode to make a payment easily and unlock the Android device. Malware researchers strongly advise users not to scan or pay anything and to try alternative tools to reset the phone after taking out the SIM card.
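A defender-side check for the /system copy step described above, as an added example that is not part of the original article: it compares `pm list packages -f` output from a device against a baseline taken from a known-good device of the same build and flags APKs on /system that the baseline does not list. The package names, paths and both listings are constructed sample data, and the check assumes the listings were collected over adb.

```python
# Added example: flag APKs on /system that a known-good baseline does not list.
# Every package name and path below is constructed sample data.

# Constructed listing from a known-good device of the same build.
BASELINE_OUTPUT = """\
package:/system/app/Calculator/Calculator.apk=com.example.calculator
package:/system/priv-app/Settings/Settings.apk=com.example.settings
"""

# Constructed listing from the device under inspection.
DEVICE_OUTPUT = """\
package:/system/app/Calculator/Calculator.apk=com.example.calculator
package:/system/priv-app/Settings/Settings.apk=com.example.settings
package:/system/app/updater.apk=com.example.sample.locker
package:/data/app/~~Qx1==/com.example.game-a1==/base.apk=com.example.game
"""


def parse_pm_list(output):
    """Parse `pm list packages -f` lines of the form package:<apk path>=<name>."""
    packages = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Install paths can contain '=' themselves, so split on the last one.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages


def find_unexpected_system_apks(current, baseline):
    """Return (name, path, reason) for /system APKs that disagree with the baseline."""
    findings = []
    for name, path in sorted(current.items()):
        if not path.startswith("/system/"):
            continue  # user-installed apps live elsewhere and are out of scope here
        if name not in baseline:
            findings.append((name, path, "not in baseline"))
        elif baseline[name] != path:
            findings.append((name, path, "path differs from baseline " + baseline[name]))
    return findings


if __name__ == "__main__":
    current = parse_pm_list(DEVICE_OUTPUT)
    baseline = parse_pm_list(BASELINE_OUTPUT)
    for name, path, reason in find_unexpected_system_apks(current, baseline):
        print(f"REVIEW {name} at {path}: {reason}")
```

A finding is a lead for review rather than a verdict, since legitimate system updates also change what is installed on /system.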

We have created the following instructions in case you have become a victim of Android malware. They will help you regain access to your phone. But first, make sure to try to get your files back, because these instructions include wiping the device, so use them at your own risk.

1. Back up the data on your device
2. Hard-reset your device and remove Lockdroid
3. Restore missing or corrupt files using special file restoration software

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
