• Welcome to Free PC Help, a free PC Help forum to get help with your computer problems.

    Free PC Help is a community that offers free computer help and support for all users, all ages, worldwide.

    In order to start asking questions or contribute on someone else's post you will first need to register. Don't worry - it's quick and easy and once you have registered you will have instant access to the entire forum.

    If you do decide to join the forums you will not have the option to send Private Messages [ PMs ] or add a Signature until you have made 5 posts or more. This is an attempt to try to stop Spammers using the PM system or adding links to their Signature.

Android Ransomware Just Became a Little Bit More Sophisticated

  • Thread starter
  • Admin
  • #1


Admin & Security Team
Feb 19, 2010
Midlands, UK
PC Experience
Very Experienced
Android.Lockscreen uses pseudo-random PIN codes to lock users out of their devices and request large sums of money

A previously unsophisticated Android ransomware that locks an Android device's screen has received new updates that make it impossible for security researchers to help victims unlock their devices.

Android.Lockscreen was a simplistic Android ransomware that appeared in March 2015. For a long period of time, this threat operated by setting a custom PIN code and showing a message on the user's screen, asking them to call a number for technical support.

Users calling this number would be tricked into paying for expensive "technical support" and would then receive the device's new PIN code.

Previous Android.Lockscreen versions could be removed

Security researchers that took a look at this threat soon realized that the ransomware's source code included the PIN code used to lock devices.

For many months, it was easy for security researchers to take a look at the latest Android.Lockscreen samples and extract the PIN code, passing it on to infected victims.

But the crooks caught on to their own mistake, and in recent versions, they changed the mechanism through which they generate the PIN code.

New versions use a pseudo-random PIN code

"Newer variants have eliminated the hardcoded passcode and replaced it with a pseudorandom number," Symantec's Dinesh Venkatesan writes.
"Some variants generate a six-digit number and some generate an eight-digit number."

Android.Lockscreen now uses the Java Math.random() function to generate a pseudo-random number, which it sets as the device's PIN code.

The ransomware is effective at locking the device only on older Android versions, prior to Google's Nougat release, which included protections to prevent calls for PIN/password resets from other apps, if the PIN was set by a user beforehand.

To prevent losing control over their Android smartphones, users should install apps only from trusted sources, like the Google Play Store, and pay attention to the permissions apps request upon installation.
Android.Lockscreen, by the operations it needs to carry out, will require a lot of intrusive permissions, such as the ability to lock the user's screen, change device settings, and overlay messages on top of other apps.

Top Bottom