Android Lockdroid Ransomware Uses Dropper and QR Code

An Android ransomware sample has been found in the wild that combines several older techniques, repurposed to produce a reliable infection.

The malware, detected as Lockdroid, uses a dropper: a technique that is very familiar on other platforms but has so far not been widespread on Android.

The infection starts with an app installed from a third-party source with the user's consent. Once installed, the app connects to a remote host, from which the lockscreen malware is automatically downloaded and executed, researchers(https://www.symantec.com/connect/blogs/android-ransomware-repurposes-old-dropper-techniques?es_c=50044&es_t=1486483247) report.

What is interesting about this case is that the app first checks whether the device is rooted, since the next step, writing to the system partition, requires root. On a rooted device it displays a screen with deceptive messages that get the user to confirm a prompt, and that confirmation grants the application the elevated privileges it needs.

Once it has been granted those privileges, the app remounts the /system partition of the Android device read-write and copies the ransomware's APK (package) file into that partition. It then changes the file permissions of the Lockdroid APK so that the package is picked up and launched automatically at boot. With that done, the app forces a reboot of the device, and after the restart the ransomware locks the screen.
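A persistence method like the one above leaves traces that a responder can look for over `adb shell`: /system mounted read-write, and an APK in /system/app with permissions, ownership or a modification time that do not match the stock image. The triage script below is an added example and is not code from the article or from Symantec's analysis; it assumes you have captured the output of `mount` and `ls -l /system/app` (both samples below are constructed) and that you know the APK names of the device's stock image. The package name `com.example.dropped.apk` is a placeholder, not an indicator from the report.

```python
"""Triage check for an APK planted in /system/app, as an added example.

Assumptions (not from the article): `mount` and `ls -l /system/app` output
captured over adb shell, plus a baseline of APK names and the build date of the
stock image. All sample data below is constructed for the example.
"""
from dataclasses import dataclass, field

# Constructed `mount` output from a device whose /system has been remounted rw.
MOUNT_OUTPUT = """\
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 rw,seclabel,relatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime 0 0
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 rw,seclabel,nosuid,nodev,noatime 0 0
"""

# Constructed `ls -l /system/app` output (toolbox format: mode owner group size date time name).
# The last entry is a hypothetical dropped package with world-writable, executable permissions.
LS_OUTPUT = """\
-rw-r--r-- root     root      1843200 2016-03-11 09:12 Bluetooth.apk
-rw-r--r-- root     root       512000 2016-03-11 09:12 Calendar.apk
-rwxrwxrwx root     root      2097152 2017-02-06 21:47 com.example.dropped.apk
"""

BASELINE_APKS = {"Bluetooth.apk", "Calendar.apk"}  # assumed stock image contents
IMAGE_BUILD_DATE = "2016-03-11"                      # assumed stock image build date
SYSTEM_APP_MODE = "-rw-r--r--"                       # 0644 root:root is what a stock /system/app file looks like


@dataclass
class Entry:
    mode: str
    owner: str
    group: str
    mtime: str   # "YYYY-MM-DD HH:MM"
    name: str


@dataclass
class Report:
    system_rw: bool
    suspicious: dict = field(default_factory=dict)  # apk name -> list of reasons


def parse_mounts(text):
    """Return {mountpoint: set(options)} from /proc/mounts-style or 'dev on /mnt type fs (opts)' lines."""
    mounts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 6 and parts[1] == "on":
            mounts[parts[2]] = set(parts[5].strip("()").split(","))
        elif len(parts) >= 4:
            mounts[parts[1]] = set(parts[3].split(","))
    return mounts


def parse_ls(text):
    """Parse `ls -l` lines from both toolbox (no link count) and toybox (link count after mode)."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or not parts[0].startswith(("-", "d", "l")):
            continue
        idx = 2 if parts[1].isdigit() else 1
        owner, group = parts[idx], parts[idx + 1]
        entries.append(Entry(parts[0], owner, group, f"{parts[-3]} {parts[-2]}", parts[-1]))
    return entries


def triage(mount_output, ls_output, baseline_apks, image_build_date):
    """Flag a read-write /system and any APK that deviates from the stock image."""
    mounts = parse_mounts(mount_output)
    report = Report(system_rw="rw" in mounts.get("/system", set()))
    for e in parse_ls(ls_output):
        if not e.name.endswith(".apk"):
            continue
        reasons = []
        if e.name not in baseline_apks:
            reasons.append("not in baseline image")
        if e.mode != SYSTEM_APP_MODE:
            reasons.append(f"unexpected mode {e.mode}")
        if (e.owner, e.group) != ("root", "root"):
            reasons.append(f"unexpected owner {e.owner}:{e.group}")
        if e.mtime[:10] > image_build_date:  # ISO dates compare correctly as strings
            reasons.append(f"modified after image build ({e.mtime})")
        if reasons:
            report.suspicious[e.name] = reasons
    return report


if __name__ == "__main__":
    r = triage(MOUNT_OUTPUT, LS_OUTPUT, BASELINE_APKS, IMAGE_BUILD_DATE)
    print("/system mounted read-write:", r.system_rw)
    for name, reasons in r.suspicious.items():
        print(name, "->", "; ".join(reasons))
```

On a stock device /system is mounted read-only at rest, so seeing it rw without a known reason is itself worth a closer look. The baseline comparison is the strongest signal: a package in /system/app that the firmware image never shipped cannot have got there through the normal package installer.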

Also notable is that the lockscreen displays a 2D barcode (a QR code) together with instructions on how to scan it to make the payment and unlock the Android device. Malware researchers strongly advise users not to scan the code or pay anything, but to remove the SIM card and use alternative tools to reset the phone.

In case you have become a victim of this or similar Android malware, the following steps will help you regain access to your phone. They involve wiping the device, so first try to get your files back, and follow them at your own risk. Bear in mind that a factory reset wipes the user data partition, not /system, so a package copied into /system the way this dropper does it can survive a reset; removing it requires root access to the system partition or reflashing the stock firmware image.

1. Back up the data on your device
2. Hard-reset your device and remove Lockdroid
3. Restore missing or corrupt files using special file restoration software

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
