AndroidOS/MalLocker.B is a variant of a ransomware family targeting Android devices. It prevents the user from interacting with the UI by displaying a screen containing a ransom note over all other windows. [1]
Domain | ID | | Name | Use |
---|---|---|---|---|
Mobile | T1624 | .001 | Event Triggered Execution: Broadcast Receivers | AndroidOS/MalLocker.B has registered to receive 14 different broadcast intents for automatically triggering malware payloads. [1] |
Mobile | T1629 | .002 | Impair Defenses: Device Lockout | AndroidOS/MalLocker.B can prevent the user from interacting with the UI by using a carefully crafted "call" notification screen. This is coupled with overriding the |
Mobile | T1655 | .001 | Masquerading: Match Legitimate Name or Location | AndroidOS/MalLocker.B has masqueraded as popular apps, cracked games, and video players. [1] |
Mobile | T1406 | | Obfuscated Files or Information | AndroidOS/MalLocker.B has employed both name mangling and meaningless variable names in source. AndroidOS/MalLocker.B has stored encrypted payload code in the Assets directory, coupled with a custom decryption routine that assembles a .dex file by passing data through Android Intent objects. [1] |