A new mobile strain ransomware κάνει κατάχρηση των μηχανισμών της ειδοποίησης “εισερχόμενη κλήση” και του κουμπιού “Home” για να κλειδώσει τις displays in devices Android.
Under the name AndroidOS / MalLocker.B, ransomware is hidden in Android applications that are offered for download from online forums and third party websites.
Like most ransomware for Android, MalLocker.B does not actually encrypt the victim's files, but prevents access to the rest of the phone.
Once installed, ransomware takes over screen of the phone and prevents the user from leaving the screen displaying the ransom note. The note is designed to look like a message from local law enforcement and tells users that they have committed a crime and must pay a fine.
Ransomware uses a mechanism two of parties to display the ransom note.
The first part abuses the “incoming call” notification. This is the mode enabled for incoming calls it shows details from the caller and MalLocker. It uses this to display a full-screen window with details about the incoming call.
The second part abuses the "onUserLeaveHint ()" function. This feature is used when users want to push an application into the background to switch to a new application. Activated when you press the Home or Recents buttons. MalLocker.B abuses this feature to reset the ransom note and prevent the user from changing screen or opening another application.