AndroidOS/MalLocker.B is a variant of a ransomware family targeting Android devices. It prevents the user from interacting with the UI by displaying a screen containing a ransom note over all other windows. [1]
Domain | ID | Name | Use |
---|---|---|---|
Mobile | T1402 | Broadcast Receivers | AndroidOS/MalLocker.B has registered to receive 14 different broadcast intents for automatically triggering malware payloads. [1] |
Mobile | T1476 | Deliver Malicious App via Other Means | AndroidOS/MalLocker.B has been spread using direct download links. [1] |
Mobile | T1446 | Device Lockout | AndroidOS/MalLocker.B can prevent the user from interacting with the UI by using a carefully crafted "call" notification screen. This is coupled with overriding the |
Mobile | T1444 | Masquerade as Legitimate Application | AndroidOS/MalLocker.B has masqueraded as popular apps, cracked games, and video players. [1] |
Mobile | T1406 | Obfuscated Files or Information | AndroidOS/MalLocker.B has employed both name mangling and meaningless variable names in source. AndroidOS/MalLocker.B has stored encrypted payload code in the Assets directory, coupled with a custom decryption routine that assembles a .dex file by passing data through Android Intent objects. [1] |
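
The Broadcast Receivers entry above lends itself to a static triage check. The following is an added example, not part of the original entry: it counts the distinct broadcast actions declared by `<receiver>` elements in a decoded AndroidManifest.xml. The sample manifest, the function names and the threshold are assumptions made for illustration, and receivers registered at runtime do not appear in the manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample of a decoded manifest (not taken from a real sample).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.player">
  <application>
    <receiver android:name=".a.b">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
        <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
      </intent-filter>
      <intent-filter>
        <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".Widget">
      <intent-filter>
        <action android:name="android.appwidget.action.APPWIDGET_UPDATE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def receiver_actions(manifest_xml):
    """Map each <receiver> name to the set of broadcast actions it declares."""
    # For untrusted manifests, prefer a hardened XML parser (entity expansion).
    root = ET.fromstring(manifest_xml)
    result = {}
    for receiver in root.iter("receiver"):
        name = receiver.get(ANDROID_NS + "name", "<unnamed>")
        actions = {a.get(ANDROID_NS + "name")
                   for a in receiver.iterfind("intent-filter/action")}
        actions.discard(None)  # ignore <action> elements without a name
        result.setdefault(name, set()).update(actions)
    return result

def triage(manifest_xml, threshold=10):
    """Return (distinct action count, flagged) across all receivers.

    threshold is an assumed triage value, not a figure from the entry."""
    distinct = set().union(*receiver_actions(manifest_xml).values())
    return len(distinct), len(distinct) >= threshold
```

A high count is a reason to look closer, not a verdict: it should be read together with the other signals in the table, such as a mismatch between the app's claimed function and the events it listens for.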