MalLocker.B: An Android mobile ransomware that abuses the incoming call mechanism- Technology News, Firstpost

FP TrendingOct 12, 2020 17:29:21 IST

Microsoft has warned users of a new strain of mobile ransomware that abuses the mechanisms behind ‘incoming call’ notification and the ‘Home’ button to lock screens on users’ devices. The sophisticated Android ransomware was detected by Microsoft Defender for Endpoint. The threat, named AndroidOS/ MalLocker.B exemplifies the rapid evolution of mobile threats and is the latest variant of a ransomware family that’s been out there for quite some time now and has been evolving continuously, according to Microsoft.

“This ransomware family is known for being hosted on arbitrary websites and circulated on online forums using various social engineering lures, including masquerading as popular apps, cracked games, or video players,” Microsoft revealed in a blog.

The new variant caught Microsoft’s attention because of its advanced nature as well as malevolent characteristic and behaviour. The malware manages to evade protections, registering a low detection rate against security solutions.

Microsoft said that the new Android ransomware variant overcomes these barriers by evolving further than any other Android malware that has been seen before it.

The ransomware makes use of a dual mechanism to show its ransom note.

Firstly, it abuses the call notification that activates for incoming calls to show details about the caller. MalLocker.B makes use of a window that covers the entire area of the screen as well as incoming call details.

Secondly, it abuses the “onUserLeaveHint()” function. When users want to switch to a new app and push an app into the background. MalLocker.B brings its ransom note back into the foreground and stops the user from leaving it for the home screen or another app.