Android ransomware that makes data on your phone unreadable

The ransomwre asks users for a ransom of 0.013 Bitcoin which at today's exchange rate is just over sixty euros. Hundreds of users affected

A new malware, called DoubleLocker, is infecting a lot of Android devices. It is a ransomware virus that locks every piece of information on your smartphone. The hacker attack exploits an Android vulnerability to reactivate itself every time the victim presses the phone's Home button.

According to initial research by cybersecurity experts, this new ransomware stems from a family of banking trojans known as Svpeng. It is one of the most active and "oldest" malware in the Android Universe. Although security researchers have repeatedly tried to limit the trojan with updates and patches the virus continues to affect hundreds of users, continuously updating its codes. Svpeng, which has been the most dangerous banking trojan on mobile for years, can steal our money using malicious SMS or it can install itself in the phone to record the PINs we enter in the app or on our bank's website.

How DoubleLocker works

DoubleLocker is created with Svpeng's malicious code but it does not have a built-in function to steal our banking data. On the other hand, it can lock every content of our phone, including contacts, photos, videos and documents. And it demands a ransom from the victim to get them back. To attack the phone, the ransomware exploits a vulnerability in the Android operating system to get administration rights and thus put our phone in the hands of the hacker. Almost always the malware hides behind a fake Flash Player software update request. If we accidentally install the fake update and thus give the virus the green light, the ransomware encrypts our data (with the AES encryption algorithm) and changes every PIN on our services. This way we won't even be able to access cloud accounts to retrieve data from backups anymore. DoubleLocker requires victims to pay 0.013 Bitcoin, about $70, to get their files back.