Select Page

Android virus acquires new features

Menacing days have descended upon the Android community. As malware-wrapped in a Google Play app is no longer a novelty, malware developers still find ways how to astonish the virtual community with more pervasive hacking techniques. DoubleLocker, LokiBot, and Monero miner detected in several Google Play store are in the main spotlight. If you are an Android user, find out how you can escape these threats.

Crypto-coin miners – the new “wave” among malware developers

After Coinhive was introduced enabling site administrators to “mine” money on the expense of their visitors’ CPU power, the mining process quickly became the new obsession among cyber villains.

The greed for bitcoins, Monero and other crypto-currency has led cyber villains palm off mining malware in hacked websites, browser extensions, apps. Google Play store did not escape their attention as well.

Three apps – Recitiamo Santo Rosario Free, SafetyNet Wireless App, Car Wallpaper HD: mercedes, ferrari, bmw and audi – were detected bearing Monero miner. They are said to have earned only 170 dollars for their developers. On the other hand, since felons quite easily foist Android virus and miners in Google Play store, more corrupted apps may be still present. The above-mentioned have been eliminated from the web store.

Android ransomware becomes more menacing

As Windows OS community still remains the main target of ransomware developers, they also point their daggers to Android users. DoubleLocker may be called the predecessor of ransom-bankers. Though it does not have the ability to access bank account directly, it changes the pin code in the device. Only after a user pays the ransom, the perpetrator unlocks the phone remotely.

There is also another operation stage – it encrypts data and appends .cryeye file extension. Unfortunately, the process is carried out properly unlike in the case of LokiBot. DoubleLocker demands 0.0130 BTC within 24 hours. This particular malware was caught spreading in the disguise of fake Adobe Flash Player updates.

Things are different when it comes to LokiBot. It seems still under development as it fails to encode files, even though it deletes the original files. Fortunately, the copies can be altered to “revive” the affected data.

This particular malware infiltrates the device and applies its “overlapping” technique to display fake log-in notifications. On the other hand, it manages to lock the screen. The virus asks victims to pay the sum varying from $70 to $100. It tends to target mostly banking apps, though it tries to corrupt Skype, WhatsApp, and Outlook as well. The main purpose of the malware is too acquire personal bank account and email log-in data via the layers applied on the mentioned apps.

Malware termination and prevention

Speaking of full-fledged ransomware, the only way to delete the ransomware is to perform factory reset. In case of LokiBot, you will need to restart the mobile device in Safe Mode, remove the malware admin user and the compromised application. As for the prevention:

  • install the mobile version of an anti-virus and malware elimination tool (major anti-virus software already detect miners)
  • delete applications which display log-in errors even though you entered the correct passcode
  • check users‘ reviews before installing one or another app from