A new strain of mobile ransomware is abusing the mechanisms behind the "incoming call" notification and the "Home" button to lock the screens of users' devices. Named AndroidOS/MalLocker.B, the ransomware is hidden in Android applications that are available for download on online forums and third-party websites.
Like most Android ransomware, MalLocker.B does not actually encrypt the victim's files; it simply prevents access to the rest of the phone.
Once installed, the ransomware takes over the phone's screen and prevents the user from closing or dismissing the ransom note, which is designed to look like a message from local law enforcement telling users that they have committed a crime and must pay a fine.
Ransomware that poses as a fake police fine has been the most popular form of Android ransomware for over half a decade.
Over time, these malware strains have abused several functions of the Android operating system to keep users locked on their home screen.
Previous techniques have included abusing the System Alert window or disabling the functions associated with the rest of the phone's buttons.
MalLocker.B comes with a new variation of these techniques.
The ransomware uses a two-part mechanism to show its ransom note.
The first part abuses the "call" notification. This is the function that is activated for incoming calls to display caller details, and MalLocker.B uses it to display a window covering the entire screen area with details about the incoming call.
The second part abuses the "onUserLeaveHint()" function. This function is called when users want to send an application to the background and switch to a new application, and it is triggered when they press buttons such as Home or Recents. MalLocker.B abuses this function to bring the ransom note back to the foreground.
As an example of the earlier techniques, in 2017 ESET discovered an Android ransomware strain called DoubleLocker that abused the accessibility service to reactivate itself after users pressed the Home button.
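
The two-part mechanism described above (the "call" notification and onUserLeaveHint()) can be turned into a static triage heuristic for app review. The Python below is an added example, not code from the article or from any vendor. It assumes the app has been disassembled to smali text and that the full-screen call notification shows up as setCategory("call") plus setFullScreenIntent, which is this example's mapping of the article's description to Android API names; the smali fragments are constructed.

```python
import re

# Indicators as they appear in smali text (e.g. baksmali output).
# Assumption: the article's full-screen "call" notification corresponds to
# setCategory("call") + setFullScreenIntent; the article names neither API.
ON_LEAVE = re.compile(r"^\.method\s+.*\bonUserLeaveHint\(\)V", re.M)
FULL_SCREEN = re.compile(r"->setFullScreenIntent\(Landroid/app/PendingIntent;Z\)")
SET_CATEGORY = re.compile(r"->setCategory\(Ljava/lang/String;\)")
CALL_CONST = re.compile(r'const-string\s+\w+,\s*"call"')
REQUIRED = {"call_category", "full_screen_intent", "overrides_onUserLeaveHint"}


def indicators(smali_files):
    """Return the indicator names found across one app's smali files."""
    found = set()
    for text in smali_files.values():
        if ON_LEAVE.search(text):
            found.add("overrides_onUserLeaveHint")
        if FULL_SCREEN.search(text):
            found.add("full_screen_intent")
        if SET_CATEGORY.search(text) and CALL_CONST.search(text):
            found.add("call_category")
    return found


def triage(smali_files):
    """Flag only the combination: dialers legitimately post call notifications
    and other apps may override onUserLeaveHint(), so one indicator is noise."""
    found = indicators(smali_files)
    return {"flag": REQUIRED <= found, "indicators": sorted(found)}


# Constructed smali fragments (not taken from any real sample).
NOTIFY = (
    'const-string v1, "call"\n'
    "invoke-virtual {v0, v1}, Landroid/app/Notification$Builder;"
    "->setCategory(Ljava/lang/String;)Landroid/app/Notification$Builder;\n"
    "invoke-virtual {v0, v2, v3}, Landroid/app/Notification$Builder;"
    "->setFullScreenIntent(Landroid/app/PendingIntent;Z)Landroid/app/Notification$Builder;\n"
)
LEAVE = ".method protected onUserLeaveHint()V\n    return-void\n.end method\n"
SAMPLES = {
    "dialer": {"CallService.smali": NOTIFY},
    "player": {"PlayerActivity.smali": LEAVE},
    "suspect": {"a.smali": NOTIFY, "b.smali": LEAVE},
}

if __name__ == "__main__":
    for name, files in SAMPLES.items():
        print(name, triage(files))
```

A hit is a reason to review the app manually, not a verdict: the heuristic only reports that both behaviours the article describes are present in the same package.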