The malware DoubleLocker is built on the basis of a banking Trojan, but it is not interested in the victim's finances. DoubleLocker is distributed through compromised sites under the guise of an Adobe Flash Player update or activation. Once on the device, the malware obtains the permissions it needs under the guise of enabling a fake service named Google Play Service.
To unlock the device, the cybercriminals demand 0.0130 BTC (at the time of writing, only about $75), threatening to destroy all the data after 24 hours otherwise. Nevertheless, according to Blockchain.info, the attackers' bitcoin wallet is still empty.
The wallet is: 1HxKouDDK9WbkizMEnf23tftHSefWhUyXR
Every time the user presses the Home button, the ransomware activates and locks the screen of the tablet or smartphone.
To get rid of DoubleLocker, ESET advises resetting Android to factory settings. Owners of a smartphone with superuser (root) privileges can delete the file that stores the PIN and deactivate the malware's administrator rights through USB debugging of the device.
DoubleLocker has no functions for collecting users' banking data or erasing accounts; instead, it provides tools for extortion. The malware can change the device's PIN, blocking the victim's access, and it also encrypts all files in the device's main storage. This is the first time we have seen such a combination of functions in the Android ecosystem.
In September, ESET reported a malicious program, MSIL/Hoax.Fake.Filecoder, which demanded bitcoins for decrypting files although in fact it did not even support encryption.