New Android ransomware spotted: activates when pressing the Home button

Microsoft warning: new Android ransomware successfully spreading through third-party pages and online forums

Microsoft reported a new Android ransomware that uses a different method to lock phones.

MalLocker.B is new ransomware^[1] that is targeting Android smartphones. In most cases, it is hidden inside Android applications offered for download on third-party websites and online forums. The new ransomware is slightly different than the others because it does not encrypt the data on victims' phones.

This threat simply freezes the screen and shows a message to the victim, claiming that they are from a law enforcement agency. The ransom message also demands to pay a fine to unlock the screen. MalLocker.B ransomware gets activated when the victim gets an incoming call. When the user presses the Home button or the recent application button, the screen gets locked and shows the ransom message.

This ransomware was discovered by Microsoft, a well-known technology company. The specialists from Microsoft^[2] confirmed that the new infection only locks the screen but does not touch files. According to them, MalLocker.B virus can easily spread to multiple phones even though it is very simple. Moreover, Microsoft warned users:^[3]

This new mobile ransomware variant is an important discovery because the malware exhibits behaviors that have not been seen before and could open doors for other malware to follow.

Impersonating police is the most common trap used to trick Android users

Since the ransom note looks like a message from local law enforcement, some people do not understand that this is just a virus and fall into the trap. But in reality, ransomware posing as fake messages from the police is not something new. These fake police fines have been the most popular form of Android ransomware for a while.

In the past, ransomware strains tried to abuse the Android operating system in various ways in order to keep victims locked on their home screen.^[4] For example, hackers tried to abuse the System Alert window or to disable the functions that interface with the device's physical buttons.

This time, after the victim downloaded a fake copy of a popular app, cracked game, or video player that is infected with ransomware, it achieves its goal via an entirely new tactic. MalLocker.B ransomware uses call notification to display a window that covers the screen and combines it with the Home or Recents button to trigger the ransom note that prevents the victim from using the device. Microsoft added:^[3]

This creates a chain of events that triggers the automatic pop-up of the ransomware screen without doing infinite redraw or posing as system window.

Always think before downloading something from unsafe sources

It is still unclear if the MalLocker.B ransomware can steal personal information. But this infection can turn your phone into a virtually useless device. Moreover, this ransomware is not the first or the last one in the whole history of malware aiming to affect Android phones. That is why you should always think twice before doing something on the internet.

It is important to be extra careful while downloading apps from suspicious websites. If you do not want to install ransomware on your device, the best option is to use the official Android app store or safe websites and forget about third-party pages or online forums. Also, you should use a reliable anti-malware app that is suitable for your device and backup your files^[5] frequently.