Microsoft warns against new ransomware attack on smartphones

Sinziana Mihalache
by Sinziana Mihalache
Author
0 Comments
Download PDF
Affiliate Disclosure

  • Microsoft Defender Research Team has discovered new ransomware threatening Android phones.
  • MalLocker.B takes over Android phones in two ways. Read below to find more details.
  • In the Privacy section, we bring you the best software to protect all your devices from cyber-attacks.
  • Find everything about the latest security breaches in the Security Hub on our website.
new android ransomware

Mobile ransomware is the latest security danger known in the industry, and although it’s not new, it keeps evolving.

In a recent security report, the researchers in the Microsoft Defender Team warn against new ransomware tricks used on Android smartphones.

[…] We found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms. […]The new variant caught our attention because it’s an advanced malware with unmistakable malicious characteristic and behavior and yet manages to evade many available protections, registering a low detection rate against security solutions.

This new ransomware type is called MalLocker.B and just like any other malware version, it can be caught from random websites or can come disguised as popular third-party apps, cracked games, or video players.

How does the new ransomware version behave?

MalLocker.B ransomware

Unlike other ransomware attacks that abuse permission requests or launch annoying pop-up windows, the new techniques involve blocking the user on the home screen or on the details of an incoming call.

More specifically, first, the attack uses a call notification to get the user’s immediate attention.

At this point, one might tap on the call and the malware will show a window that covers the entire screen with details about the incoming call.

Then, the attack uses the onUserLeaveHint() function, which is triggered when the user wants to push back an app to open a new one and might go to the Home screen.

As the report shows, these tricks don’t trigger cascading windows that can make the user suspicious, and so the attack can continue at ease.

The full code of the attack is explained in the mentioned report.

These are new tricks and as a result, MalLocker.B has been included in the list of attacks monitored by Microsoft Defender for Endpoint on Android.

What’s your intake on this topic? Share your opinion with us in the comments below.