Android.Bankosy malware steals OTP from phones
Malicious app encrypts your phone and locks it unless you pay up (Image: Symantec)

A piece of malicious Android 'ransomware' is locking users out of their phones and threatening to send their entire internet browsing history to all of their contacts unless a 'bribe' is paid. The software, Android.Lockdroid.E, is the latest in a long line of ransomware apps designed to exploit users and demand cash from them.

Once the app has tricked users into giving it their phone password – an act that is more easily done than you might think – it can lock the phone, change the PIN and even delete all of your data by performing a factory reset.

Discovered by researchers at computer-software company Symantec, Android.Lockdroid.E starts by locking the screen and displaying a bogus alert claiming the user has accessed 'forbidden materials'. Meanwhile, the app gathers the victim's contacts list and encrypts it in the background. The victim is then asked to pay a ransom, under threat of losing all data on the phone and having their entire browser history sent to all of their contacts.

Android porn ransomware app: the malicious app encourages you to tap 'Continue', which actually activates the ransomware (Image: Symantec)

Such ransomware apps take many forms, but the one outlined by Symantec poses as a porn-viewing app called Porn 'O' Mania. Once installed, the app asks the user to download and install Google-related packages to allow the app to work.

This isn't too uncommon for genuine smartphone apps, so it isn't unlikely for users to tap 'Continue' in the hope that the app would work.

"But, in actuality," a Symantec blog post warns, "they have taken the first step in activating the malicious app as a device administrator, which grants all the required capabilities the malware needs to run its more aggressive extortion."

While the app appears to be installing, it is encrypting all of the data stored on the phone. It also collects your more sensitive information. After a 'please wait' message, an 'Installation complete' message is displayed. There is a 'Continue' button in the lower-right corner, but this is merely an inactive overlay: underneath this, there is a second hidden screen asking for administrator access. Therefore tapping 'Continue' actually activates administrator privileges for the app, essentially giving it free rein over all of the data on your phone. The application did not appear on Google Play, but could be downloaded from third-party Android app stores, forums and torrent sites.

As always, Symantec (and IBTimes UK) urge readers to only install apps from trusted stores such as Google Play. But, by the very fact that these malicious apps are still being made, it is clear that some people do not heed such advice.