LockerPIN: ESET researchers have discovered the first "in the wild" ransomware for Android that sets the PIN.
“Based on the statistics data of ESET LiveGrid, the majority of infected Android devices are located in the US with a total of more than 75%," ESET Detection Engineer Lukáš Štefanko claims.
"This is indicative of a trend in which malware developers for Android are shifting attacks from mainly Russian and Ukrainian users to Americans to make far higher profits."
LockerPIN spreads through non-certified app stores owned by third parties, warez and torrent forums. Once installed, the Trojan attempts to acquire device administrator permissions by displaying an update patch installation window above the system message.
At this stage, even if the trojan is removed, for unrooted devices not protected by a solution better safetys, there is no simple way to change the PIN other than a factory reset. But this leads to loss of all data. As if that wasn't enough, even if the user decides to pay for them ransom, attackers cannot unlock the device since the PIN is randomly set.
To protect against this malware, ESET recommends using a security solution for browsing the Internet, such as ESET Mobile Security, specifically designed for Android smartphones and tablets, backing up regularly, and downloading apps only from a certified app store, such as Google Play or the Amazon App Store.
"You can save some money when downloading applications from unverified sources, but keep in mind that this can lead to loss of data or personal data, which usually have a much greater emotional or economic value," adds Štefanko.
Read more about #LockerPIN on WeLiveSecurity.com and follow the developments in the social media case using the #LockerPIN hashtag.