Android malware detected that encrypts files and changes the pin

Often, some malware is discovered that attacks Android devices. Something that happens again this time. This time it is DoubleLocker, a kind of ransomware for Android that is responsible for encrypting the files on the device and can also change the access PIN.

Android malware detected that encrypts files and changes PIN

It is a more dangerous attack than usual, since DoubleLocker carries out all kinds of tasks to avoid being eliminated. It has been discovered by security experts from ESET. It is also the first rescue software that abuses the accessibility function.

DoubleLocker: New danger for Android

The origin is located in a banking malware. Cyber ​​criminals began spreading malicious code in fake flash updates. Once the user has launched the tool, he is asked for the accessibility permission and when the code manages to obtain those permissions he uses them to activate the administrator permissions. This takes control of the device.

The first thing DoubleLocker does is change the device PIN to a random value. At the same time, all the files on the phone are encrypted. For that the AES algorithm is used in each file. Unfortunately, in all cases so far it is impossible to recover the files.

In order to recover the files, a ransom of $ 75 is requested , which must be paid in less than 24 hours. DoubleLocker undoubtedly poses a huge danger to users of Android phones. As a precaution, it is recommended to download applications only on Google Play. And do not update if some website tells us that we must update some components such as flash.