This malware not only prevents the user from accessing their device, but it also has extensive capabilities that may allow the attacker to control highly sensitive information, such as “messages, call history, and contacts.” The danger goes beyond that, reaching the threat of deleting all the data on the device entirely if the required ransom is not paid within a specific time period.
According to analyses by security experts, “DroidLock” spreads through malicious websites disguised as legitimate applications, with the aim of deceiving users and urging them to download fake software. The attack process begins with installing a program that misleads the user into installing the main malicious package containing the malware.
Once the installation process is complete, the application begins requesting device administration privileges, as well as “Accessibility Services.” These permissions are extremely dangerous, as they allow the malware to perform many operations without explicit permission from the victim, which opens the door wide for complete control of the device.
After executing the attacks, “DroidLock” displays a ransom screen on the device, in which it demands that the victim contact the attacker via an encrypted email.
The user is given a time limit of “24 hours” to pay the ransom, with a clear and explicit threat to erase all files or permanently prevent access to them if payment is not made. (Eram News)
