Threat Report

DoubleLocker Ransomware Found on Android

What Is It?

Various news articles in recent days have described a new strain of Android ransomware known as DoubleLocker. The malware is so named because it not only encrypts data files on an infected smartphone but also alters the device’s PIN. Files are encrypted using a correct implementation of the AES algorithm, and the file extension “.cryeye” is added to the names of encrypted files.

If the ransom of 0.0130 bitcoin is paid within the permitted two-hour time frame, the malicious actors can reset the device’s PIN and decrypt the files.

How Does It Propagate?

The malware is said to be spreading mostly via compromised websites offering a fake Adobe Flash Player download.

When/How Did BluVector Detect It?

The Android APK file analyzed by ESET is identified as malicious by BluVector’s machine learning malware detection engine. Regression testing has shown that BluVector would have detected this file 10 months before it was released. Note: BluVector would only detect the malware if the Android device were connected to a corporate network monitored by a BluVector appliance.
