A group of security researchers has uncovered what is believed to be the first real example of malware that is capable to reset the PIN code on a device and permanently lock the owner out of their own smartphone or tablet.
This Android PIN-locking ransomware, identified as Android/Lockerpin.A, changes the infected device's lock screen PIN code and leaves victims with a locked mobile screen, demanding for a $500 (€450) ransom.
Here's the Kicker:
Since the lock screen PIN is reset randomly, so even paying the ransom amount won't give you back your device access, because even the attackers don't know the changed PIN code of your device, security researchers at Bratislava-based antivirus firm ESET warn.
LockerPIN, as dubbed by the researchers, being spread through an adult entertainment apps installed from third-party websites, warez forums, and torrents – outside of the official Google Play Store.
The app in question is Porn Droid, which is the second of its kind observed recently called Adult Player – another porn-themed Android app that takes selfies of its users and include them in its ransom messages.
How LockerPIN Works?
Once installed on the victim's smartphone, the app first tricks users into granting it device administrator rights. It does so by disguising itself as an "Update patch installation" window.
After gaining admin privileges, the malicious app goes on to change the user's lock screen PIN code, using a randomly generated number.
Though the majority of infected devices are detected within the United States, the researchers have spotted the infections worldwide.
How to Get Rid of this LockerPIN Ransomware?
Unfortunately, there is "no effective way" to regain access to infected devices without losing personal data.
Rebooting the device in Safe Mode and uninstalling the offending application or using Android Debug Bridge (ADB) alone won't solve the issue.
The only way to unlock the device and get rid of LockerPIN ransomware app is to perform a factory reset that would wipe out all the personal data and apps stored on your device.
Ransomware delivering through malicious apps are growing increasingly and becoming more sophisticated with time, and this newly discovered LockerPIN Ransomware proves the theory.
The bottom line:
To avoid falling victims to malicious apps like Porn Droid and Adult Player, the saving grace for users is:
- Don't install apps outside of the Google Play Store.
- Don't grant administrator privileges to apps unless you truly trust them.