Android.Lockdroid.E is spread via 3rd party app stores as well as doing the rounds on various text/SMS (URLs) messages and forum posts. It targets primarily rooted devices and attempts to drop a version of itself on the rooted device. or if the device is not rooted it will attempt to lock the device.
While this is not an uncommon technique, this is the first time it’s been used to deliver ransomware to Android devices. In addition to this relatively effective technique, the same attackers have implemented a rather ineffective 2D barcode technique in an effort to receive payment from users affected by this threat. When it is installed on a device, it checks to see whether the device has been rooted. If the device has been rooted, it displays a screen claiming that root access permission is required to access to thousands of adult movies for free to entice users to click on it. If the user clicks on the okay button, it will drop a version of itself by:
- Remounting the /system partition
- Copying the embedded APK file for Android.Lockdroid.E contained in the assets folder into /system/app/[THREAT NAME].apk
- Change Changing the dropped APK file’s permission to executable
- Rebooting the device so the threat can run on boot completed as a system application
When the ransomware has become a system application on the Android device, to the novice user, this usually means that Android.Lockdroid.E has been successfully dropped on the device and the device will then be locked and display a ransom screen and 2D barcode, like the one below:
The instructions ask the user to scan the barcode to log in to a messaging app to pay the ransom. While this may seem like a good idea to have victims pay the ransom for their device, it is ineffective in practice. There is no way to scan the barcode or log in to the messaging app from the compromised device, so the barcode must be scanned from a second device. This makes it more difficult for the victim to pay their ransom and for the attacker to receive payment.
Some tips to protect your Android mobile device:
- Keep your software up to date
- Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
- Pay close attention to the permissions requested by apps
- Install a suitable mobile security app, such as Norton, to protect your device and data
- Make frequent backups of important data