MalLocker.B, il virus russo che blocca lo smartphone Android

MalLocker.B è un virus "low cost", di tipo ransomware, che ricatta l'utente: chi non paga resta con lo smartphone bloccato

Microsoft lancia l’allarme: c’è un nuovo virus per Android che si sta diffondendo e che può rivelarsi particolarmente pericoloso. Questo malware si chiama MaiLocker.B, è un “ransomware" e secondo Microsoft, che l’ha scoperto, è l’ultima evoluzione in questa tipologia di virus.

I ransomware sono quei virus che ricattano l’utente dopo aver infettato lo smartphone. Di solito procedono a criptare tutti i dati sul dispositivo per poi chiedere un riscatto in denaro, altrimenti l’utente potrà dire addio ai suoi dati (e allo smartphone, che diventa inutilizzabile). Oppure non criptano i dati, ma bloccano lo schermo per rendere comunque inutilizzabile il telefono. These malware are among the most dangerous viruses, as you can easily guess, and they directly target the wallet of the unfortunate user who inadvertently downloads them. MalLocker.B, however, despite having the exact same purpose has a completely different operation than what we have seen so far.

How MalLocker.B works

MalLocker.B is spread via infected apps, which are not present on the official Play Store but which the user can find on forums and websites in the form of .Apk files. Unlike other ransomware, however, MalLocker.B does not encrypt data and uses a new method to lock the screen, which has never been seen before.

Even if the data remains intact, then, the entire phone becomes unusable because MalLocker.B shows a fixed screen that overlaps any control.

Practically, the user only sees the message containing the money request, in Russian language, and cannot touch anything to unlock the phone. Even though the method is different, therefore, the effect is absolutely the same: the smartphone becomes unusable until you pay.

How does MalLocker.B lock the smartphone

In the past, Android ransomware used a special permission called "SYSTEM_ALERT_WINDOW" to display the ransom demand. This permission was created to show warnings or system errors, but it has been used and abused by cyber criminals and, therefore, in the latest versions of Android apps cannot use it so easily anymore.

MalLocker.B bypasses this defense by exploiting two new permissions that, used together, allow it to prevent the user from pressing any key to close the ransom message. These are just a few simple lines of code, which would be easily discovered if the infected apps were published on the Play Store. MalLocker.B, basically, is a "low cost" malware.

This is why MalLocker.B is not distributed via apps on the official Google store, but via alternative unguarded channels, where you can find anything and everything. Therefore, the advice to avoid MalLocker.B infection is to absolutely avoid downloading .Apk files from P2P sites, forums and networks.