With one click and permission granted too quickly, this malware takes control of your device and even changes your PIN code. Here’s how it works and, above all, how to protect yourself from it.
We know that digital threats are spread via insidious methods, using links, SMS or emails that attempt to “phish” victims to extract personal or banking data. But the most terrifying thing is that this malware does not just steal information: it creates a real climate of terror by depriving the victim of their most precious communication tool. Indeed, it can block the screen, take control of the camera, access files, deactivate notifications, modify the PIN code… In short, bypass all your usual security.
The software comes in the form of a seemingly legitimate application, which ends up rendering the phone completely unusable for its owner… unless a ransom is paid. The user then finds himself powerless in the face of his own device, a spectator of digital blackmail that is as powerful as it is disturbing. But, how does this ransomware (malware demanding a ransom) work and how can you avoid falling for it?
This threat called “DroidLock” targets Android smartphone users in Europe. According to Zimperium cybersecurity researchers, the attack is occurring in Spain, but could well spread to neighboring countries. Concretely, the software takes the form of a well-known application, notably that of the telephone operator Orange. But once downloaded, the fake application displays a message explaining that you need to go to the accessibility settings to allow it to work correctly. The problem is that this gives the software the ability to bypass Android’s security restrictions… and take complete control of the device.
In particular, DroidLock can monitor the phone’s unlocking patterns and change the PIN code so that the user is blocked. Then a threatening red screen appears, demanding a ransom with a countdown: “Your files will be permanently destroyed. Contact us immediately at this email address or you will lose everything forever. Payment required within 24 hours. No fonts, no recovery tools, no tricks. Every second counts!”
To avoid being fooled, cybersecurity experts of course recommend never downloading an application outside of official stores like the Google Play Store. But above all, you must constantly monitor the updates available on your phone: this malware uses certain security vulnerabilities. Precisely, Google recently warned Android users that around a hundred “critical” security problems, already exploited by hackers, and which have therefore been corrected in the latest updates, must be installed urgently.
