New Android ransomware locks out the device by changing PIN

The case of cyber extortion is increasing day by day, few days ago, an Android app called Adult Player that offers free pornographic videos was discovered as ransomware that demands $500 for unlocking the device.

Dubbed as Android/Lockerpin.A, the app first tricks users into granting it administrator privileges. The activation window of the app is overlaid with the malicious window pretending to be an “Update Patch Installation”. When the victim taps on continue button, they are actually granting administrator privileges to the malicious app.

Then the Lockerpin sets or resets a PIN for the lock screen and it is impossible to unlock the screen without root privileges.

It’s the first known ransomware that set a PIN for lock screen and requires victims to perform a factory reset, which results in data loss. The app claims to offer pornographic videos and is distributed through the third-party store, websites and forums. The app calls itself “Droid Porn” and it also tries to kill antivirus process when the victim tries to deactivate administrator rights for the app.

ESET’s LiveGrid® statistics shows that the ransomware is mostly affecting the USA, with a share of over 75 percent.