|Mobile||T1476||Deliver Malicious App via Other Means|
AndroidOS/MalLocker.B can prevent the user from interacting with the UI by using a carefully crafted "call" notification screen. This is coupled with overriding the
|Mobile||T1444||Masquerade as Legitimate Application|
|Mobile||T1406||Obfuscated Files or Information||
AndroidOS/MalLocker.B has employed both name mangling and meaningless variable names in source. AndroidOS/MalLocker.B has stored encrypted payload code in the Assets directory, coupled with a custom decryption routine that assembles a .dex file by passing data through Android Intent objects.