As we all know, Android is a toxic hellstew of vulnerabilities and you should all be using iPhones because they’re totally secure.
Well, neither of those things are really true.
But I still need to warn you about a dangerous new Android malware making its way across a few devices around the world.
That Android malware was identified by Dr. Web Anti-virus and has been called Android.Locker.38.origin – or just Locker 38 for short.
Locker 38 is a ransomware virus that locks your phone behind a password and demands a ransom in order to unlock it.
It’s part of a string of Android.Locker ransomware which has emerged over the past few years. Here’s how this latest iteration of the threat works:
-The ransomware infects your device via malicious apps or third-party web downloads (it’s not likely found on the Google Play Store at this time)
-Once downloaded, the app adds a small shortcut on your device. This shortcut says “System updates” and looks like an official update tool.
-If you tap that shortcut, the device asks for permission to “Change the screen-unlock password” and then prompts you to tap the “Activate” button. Then, it begins to “install updates” along with a very legitimate-looking progress bar and Android logo.
Once it’s installed, you’re hooped. The app immediately locks your device’s screen and displays a ransom demand.
With many other Android ransomware viruses, you can simply deprive the app of administrator privileges and take away most of its power.
Unfortunately, Locker 38 is smarter than that. If you try to take away its administrative privileges, the Trojan will switch your device into standby mode and then, when you turn your device back on, the app will display a warning saying that all the data on your device has been removed.
To make matters worse, Android.Locker.38.origin isn’t just a ransomware Trojan: it also acts as an SMS bot and can send various messages from your device. Many of those messages appear to be an effort to obtain financial data.
So how do you get rid of it?
You can use the set_unlock command on Android to immediately unlock your device and get past the annoying lockscreen. You do, however, need to be using Dr. Web Anti-virus for that method to work.
If you’re not using Dr. Web Anti-virus, then you should reset all settings to default to immediately remove the Trojan.
This Trojan seems horrible, but it’s not quite as bad as it could be. Just remember: don’t fall for these ransom demands. Even if paying the ransom unlocks your phone, your banking data is probably in the hands of some malicious weirdo.