Microsoft has warned users of a new strain of mobile ransomware that abuses the mechanisms behind the ‘incoming call’ notification and the ‘Home’ button to lock screens on users’ devices. Microsoft Defender for Endpoint detected the sophisticated Android ransomware. The threat, named AndroidOS/MalLocker.B, exemplifies the rapid evolution of mobile threats and is the latest variant of a ransomware family that has been in circulation for quite some time and has been evolving continuously, according to Microsoft.
“This ransomware family is known for being hosted on arbitrary websites and circulated on online forums using various social engineering lures, including masquerading as popular apps, cracked games, or video players,” Microsoft revealed in a blog.
The new variant caught Microsoft’s attention because of its advanced nature and its malicious characteristics and behavior. The malware manages to evade protections, registering a low detection rate against security solutions.
Microsoft said that the new Android ransomware variant overcomes these barriers by evolving further than any other Android malware that has been seen before it.
The ransomware makes use of a dual mechanism to show its ransom note.
Firstly, it abuses the call notification that activates for incoming calls to show details about the caller. MalLocker.B makes use of a window that covers the entire area of the screen as well as incoming call details.
Secondly, it abuses the “onUserLeaveHint()” function. When users want to switch to a new app and push an app into the background, MalLocker.B brings its ransom note back into the foreground and stops the user from leaving it for the home screen or another app.
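
For analysts triaging decompiled APKs, the following added example (not code from Microsoft's blog or from this article) checks smali text for the two behaviours described above appearing together. The smali fragments are constructed, the class names are hypothetical, and the matching rules are an assumption about how these behaviours show up in decompiled code.

```python
import re

# Splits smali text into (signature, body) pairs, one per method.
METHOD_RE = re.compile(r"\.method ([^\n]*)\n(.*?)\.end method", re.DOTALL)

def indicators(smali: str) -> set:
    """Return which of the two behaviours described in the article appear."""
    found = set()
    for signature, body in METHOD_RE.findall(smali):
        # Notification placed in the "call" category
        # (Notification.CATEGORY_CALL has the value "call").
        if '"call"' in body and "->setCategory(" in body:
            found.add("call_category_notification")
        # onUserLeaveHint() override that starts an activity as the user leaves.
        if signature.endswith("onUserLeaveHint()V") and "->startActivity(" in body:
            found.add("relaunch_on_user_leave")
    return found

def triage(smali: str) -> str:
    found = indicators(smali)
    # Each indicator alone is common in legitimate apps (VoIP clients,
    # video players entering picture-in-picture); only the pair is escalated.
    if len(found) == 2:
        return "escalate"
    return "review" if "relaunch_on_user_leave" in found else "pass"

# Constructed smali fragments; package and class names are hypothetical.
VOIP = '''.method private showIncoming()V
    const-string v1, "call"
    invoke-virtual {v0, v1}, Landroid/app/Notification$Builder;->setCategory(Ljava/lang/String;)Landroid/app/Notification$Builder;
.end method
'''
PLAYER = '''.method protected onUserLeaveHint()V
    invoke-virtual {p0}, Lcom/example/player/PlayerActivity;->enterPictureInPictureMode()V
.end method
'''
LOCKER_LIKE = VOIP + '''.method protected onUserLeaveHint()V
    invoke-virtual {p0, v0}, Lcom/example/app/MainActivity;->startActivity(Landroid/content/Intent;)V
.end method
'''

if __name__ == "__main__":
    for name, smali in [("voip", VOIP), ("player", PLAYER), ("locker-like", LOCKER_LIKE)]:
        print(name, triage(smali), sorted(indicators(smali)))
```

A hit is a reason to look closer, not a verdict: string matching of this kind is defeated by obfuscation or reflection, so it complements rather than replaces behavioural detection.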