A new Android ransomware, DoubleLocker, has been discovered. It locks users out of their own devices and encrypts the data on the smartphone to extort money.
[Figure 1] Malicious app icon
DoubleLocker is disguised as an Adobe Flash Player app, as shown in Figure 1. While being installed, the app requests activation of Google Play Services. If the user does not activate Google Play Services, a service setting pop-up appears repeatedly, asking for the user's permission.
Once activated through the accessibility permission, DoubleLocker displays a ransom note on the infected smartphone screen, as shown in Figure 2. The ransom note cannot be removed until the ransom is paid in bitcoins.
[Figure 2] DoubleLocker ransom note
Besides blocking access to the smartphone with the ransom note, DoubleLocker also encrypts user data on the smartphone, appending the extension .cryeye, as shown in Figure 3.
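Both signs described above, an unexpected enabled accessibility service and files renamed with .cryeye, can be checked from a computer connected to the device. The following Python triage is an added example, not code from the original post. It assumes the setting string comes from `adb shell settings get secure enabled_accessibility_services` and the file listing from `adb shell find /sdcard -type f`; the trusted-package list, sample package names and paths are constructed.

```python
import posixpath

RANSOM_EXT = ".cryeye"  # extension named in the post

# Assumption: packages the device owner expects to hold accessibility access.
# Match on the package name: the label shown in Settings is chosen by the app.
TRUSTED_A11Y_PACKAGES = {"com.google.android.marvin.talkback"}


def parse_accessibility_services(setting_value):
    """Parse the colon-separated 'package/class' list stored in the
    enabled_accessibility_services secure setting ('null' when unset)."""
    value = (setting_value or "").strip()
    if value in ("", "null"):
        return []
    services = []
    for component in value.split(":"):
        package, _, cls = component.strip().partition("/")
        if not package:
            continue
        if cls.startswith("."):  # short form: class relative to the package
            cls = package + cls
        services.append((package, cls))
    return services


def untrusted_services(setting_value, trusted=TRUSTED_A11Y_PACKAGES):
    """Return enabled accessibility services whose package is not trusted."""
    return [(p, c) for p, c in parse_accessibility_services(setting_value)
            if p not in trusted]


def encrypted_files(listing):
    """Return paths (one per line in the listing) that end in .cryeye."""
    paths = (line.strip() for line in listing.splitlines())
    return [p for p in paths
            if p and posixpath.basename(p).lower().endswith(RANSOM_EXT)]


# Constructed sample inputs (not taken from a real device or sample)
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.flashplayer/.FakePlayService")
SAMPLE_LISTING = """/sdcard/DCIM/IMG_0001.jpg.cryeye
/sdcard/Download/report.pdf
/sdcard/Documents/notes.txt.CRYEYE
"""

if __name__ == "__main__":
    for pkg, cls in untrusted_services(SAMPLE_SETTING):
        print("review accessibility service:", pkg, cls)
    for path in encrypted_files(SAMPLE_LISTING):
        print("encrypted file:", path)
```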
As is well known, there is usually no way to decrypt the encrypted data without the recovery key. Therefore, appropriate precautionary measures are required before malware infection, such as installing a mobile antivirus app like V3 Mobile Security. In addition, users should not only download apps from the official app store but also check the validity of the apps through reviews.