ESET Researchers Discover First-Ever Ransomware Misusing Android Accessibility Services

Next story

ESET researchers have discovered DoubleLocker, an innovative Android ransomware that combines a cunning infection mechanism with two powerful tools for extorting money from its victims. 

“DoubleLocker misuses Android accessibility services, which is a popular trick among cybercriminals. Its payload can change the device’s PIN, preventing the victim from accessing their device and also encrypts the victim’s data. Such a combination hasn’t been seen yet in the Android ecosystem,” comments Lukáš Štefanko, ESET Malware Researcher who discovered DoubleLocker. 

On top of being ransomware, DoubleLocker is based on the foundations of a particular, already documented banking Trojan. According to Štefanko, the functionality for harvesting users’ banking credentials and wiping out their accounts can be added easily. 

“The additional functionality would turn this malware into what could be called a ransom-banker,” warns Lukáš Štefanko, who claims he spotted a test version of such a ransom-banker in the wild in May 2017.

For more details, read an article on DoubleLocker at ESET’s official blog, WeLiveSecurity.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit www.eset.com or follow us on LinkedInFacebook and Twitter.