Изображение: extremetech.com

New Android ransomware impersonates the Interior Ministry and threatens Article 242 of the RF Criminal Code

It became known about the emergence of a new advanced ransomware that cybercriminals began to use to attack users of Android devices. We are talking about the AndroidOS / MalLocker malware, the detection of which was announced by experts from Microsoft.

Image: extremetech.com

Image: extremetech.com

The message notes that the malware successfully bypasses many of the protection tools available to ordinary users. MalLocker is distributed through third-party websites and online forums using a variety of social engineering techniques, including disguising as popular apps and hacked games.

Like most ransomware for the Android platform, this malware does not actually encrypt files. Instead, it captures the screen and displays a ransom message on top of all other windows, preventing the victim from taking any action with the device.

It is noteworthy that after locking the screen, the user is shown a message with a countdown timer, the author of which is allegedly the Ministry of Internal Affairs of Russia. It says that the device was blocked by law enforcement agencies due to the fact that the user has repeatedly visited sites with child pornography and now has to pay a fine. Otherwise, the extortionist threatens the victim with criminal liability.

The good news is that fixing the problems this ransomware can bring is quite simple. Since the files on the device are not encrypted, removing the malicious application is enough to get rid of the annoying message. MalLocker itself does not have root access or any special system permissions, which means it can be uninstalled in safe mode via ADB. Obviously, the creators of the ransomware are betting that many users are not aware of this.

Since MalLocker’s analysis easily detects its malicious nature, it will not be able to penetrate the official Play Store content store, at least in its current form. To avoid problems that can arise from Android ransomware, experts recommend not downloading apps from third-party stores, forums and other suspicious resources.

If you notice an error, select it with the mouse and press CTRL + ENTER.

Leave a Comment