This fiendish Android ransomware hijacks your home button

The war on randsomware
(Image credit: Shutterstock)

A new malware attack, dubbed the “latest evolution of mobile ransomware,” has been discovered affecting Android devices. Named “AndroidOS/MalLocker.B,” it lures victims in by posing as popular games or apps on online forums and third-party websites.

While its method of circulation may not be particularly novel, the way that this ransomware leverages certain Android features and is able to evade detection by most security solutions marks it out as an innovative new threat.

Like the majority of Android ransomware, MalLocker.B doesn’t actually encrypt a victim’s files, instead blocking access to a device by taking over the entire screen with the ransom note. If users cannot remove the malware, they are then left with a choice of getting rid of the device or paying the ransom.

New threats

Previous examples of Android ransomware used the System Alert Window to take over a device’s screen. However, as security systems became more sophisticated, cyberattackers had to change their approach in order to remain effective.

The creators of MalLocker.B have employed a two-part mechanism to disable a victim’s device. First, it uses the call notification to cover the entire screen and, second, it abuses the function that puts an activity into the background, such as pushing the ‘Home’ key, preventing the user from leaving the ransom note. 

Although this technique represents the latest evolution in Android ransomware, it is not the first time that the ‘Home’ key has been abused for malicious purposes.

“This new mobile ransomware variant is an important discovery because the malware exhibits behaviors that have not been seen before and could open doors for other malware to follow,” a blog post by the Microsoft Defender Research Team explains. “It reinforces the need for comprehensive defense powered by broad visibility into attack surfaces as well as domain experts who track the threat landscape and uncover notable threats that might be hiding amidst massive threat data and signals.”

While some anti-virus software is able to detect new ransomware variants like MalLocker.B, the best way of staying protected is to avoid downloads from non-reputable sources.

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.