Researchers from ESET discovered the first Android PIN-setting ransomware in the wild. “Based on ESET’s LiveGrid statistics, the majority of the infected Android devices are in the USA with a complete percentage share of over 75%,” says ESET’s Detection Engineer Lukáš Štefanko. “This is part of a trend where Android malware writers are shifting from mostly targeting Russian and Ukrainian users to Americans where they can arguably make higher profits.”
LockerPIN spreads via unverified third party app stores, warez forums and torrents. After a successful installation, the Trojan horse tries to obtain Device Administrator privileges by overlaying the system message with its own window and masquerading as an “update patch installation.”
Currently, for unrooted devices that aren’t protected by a security solution, there is no simple way to change the PIN except for a factory reset even if the Trojan is removed. This however results in loss of all data. To add insult to injury, even if the user decides to pay the ransom, the attackers cannot unlock the device as the PIN is set randomly.
To prevent infection, ESET strongly advises for using an Internet security solution, such as ESET Mobile Security designed specifically for Android smartphones and tablets, to back up regularly and to download apps only from certified app stores, such as Google Play or Amazon App Store.
“You can save a few dollars by downloading the application from unverified sources, but always keep in mind, it can result in data or privacy loss, usually of a much bigger emotional or financial value,” adds Štefanko.
Read more about #LockerPIN on WeLiveSecurity.com and follow the evolving story on social media using hashtag #LockerPIN.