New Lockerpin Ransomware Steals PINs And Locks Devices For Ever

A new form of ransomware that actively locks out users by burrowing into a phone’s software has been detected by security researchers.

Named Lockerpin by researchers at security firm ESET, the malware alters a phone’s PIN lock function, stopping users from accessing their device unless they pay a ransom of $S500 ransom for allegedly viewing and harbouring forbidden pornographic material.

ESET says this is the first time they’ve ever detected such a function in malware, marking it as extremely dangerous for users.

Barred

Previous Android LockScreen Trojans usually work by constantly bringing the ransom window to the foreground in an infinite loop, which although annoying, can be removed using debug programs.

However with Lockerpin, users have no effective way of regaining access to their device without root privileges or without some other form of security management solution installed, apart from a factory reset that would also delete all their data.

The ransomware is also able to worm its way in to obtaining and keeping Device Administrator privileges, meaning it is extremely tricky for users to uninstall, as when users attempt to deactivate Device Admin for the malware, they will fail because the Trojan will have registered a call-back function to reactivate the privileges when removal is attempted.

Similarly to when Device Administrator is first activated by the Trojan, if a removal attempt is made the Device Administrator window is again overlaid with a bogus window, which when selected effectively reactivates the elevated privileges.

“This is the first case in which we have observed this aggressive method in Android malware,” the researchers say.

ESET say that the only way to remove the PIN lock screen without a factory reset is when the device is rooted or has a MDM solution capable of resetting the PIN installed, both of which should allow the users to regain full functionality.

Dodgy

Lockerpin is downloaded by accessing a malicious app posing as an adult video app calling itself “Porn Droid”, which luckily cannot be found on Google Play.

ESET says that over 75 percent of the infected devices are in the USA, reflecting a trend where Android malware writers are shifting from mostly targeting Russian and Ukrainian users to largely targeting victims in America, where arguably they can make bigger profits.

A study by ESET earlier in the year found that ransomware is an increasingly dangerous proposition for many UK businesses, with over a third of UK companies having either personally been held to ransom by hackers, or know someone that has had their networks infected by ransomware.

Security firm McAfee Labs also warned earlier this month that ransomware attacks grew 127 percent from Q2 2014 to Q2 2015, with McAfee attributing this to a number of fast-growing new families such as CTB-Locker and CryptoWall, both of which hit the headlines earlier this year.

Are you a security pro? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

7 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

8 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

9 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

10 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

13 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

13 hours ago