
Android.Lockscreen


First posted on 25 March 2015.
Source: Symantec

Aliases:

There are no other names known for Android.Lockscreen.

Explanation:

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: Nero.lockphone
Version number: 1.0

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Access information about the Wi-Fi state
Change Wi-Fi state
Start once the device has finished booting
End background processes
Access list of current or recently running tasks
Prevent processor from sleeping or screen from dimming
Send SMS messages


Installation
Once installed, the application will display an icon with a picture of a red-haired boy on a bicycle.


Functionality
When the Trojan is executed, it creates a service with the following name:
killserve
Next, the Trojan locks the screen to block the user from accessing the compromised device.

The Trojan then displays a ransom notice, telling the user to contact the attacker to receive the password to unlock the device.
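
The package name, service name and permission list above can be checked against an app's manifest during triage. The following is an added example, not part of the original write-up: it assumes the manifest has already been decoded to text XML (for example with apktool), and the android.permission constants are this example's mapping of the plain-language permission descriptions above.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Indicators from the write-up. The permission constants are this example's
# mapping of the write-up's plain-language descriptions (an assumption).
PACKAGE = "Nero.lockphone"
SERVICE = "killserve"
PERMISSIONS = {"android.permission." + p for p in (
    "ACCESS_WIFI_STATE", "CHANGE_WIFI_STATE", "RECEIVE_BOOT_COMPLETED",
    "KILL_BACKGROUND_PROCESSES", "GET_TASKS", "WAKE_LOCK", "SEND_SMS")}

def triage_manifest(manifest_xml):
    """Compare a decoded AndroidManifest.xml with the indicators above."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")}
    # Service names may be relative (".killserve") or fully qualified.
    services = {el.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
                for el in root.iter("service")}
    pkg = root.get("package") == PACKAGE
    svc = SERVICE in services
    missing = sorted(PERMISSIONS - requested)
    # Each permission is common in benign apps, so permissions alone never
    # produce a hit; they only corroborate a package or service name match.
    if pkg and svc and not missing:
        verdict = "match"
    elif pkg or svc:
        verdict = "review"
    else:
        verdict = "no match"
    return {"package_match": pkg, "service_match": svc,
            "permissions_missing": missing, "verdict": verdict}

def constructed_manifest(package, service, permissions):
    """Build a minimal manifest as test input (constructed, not a real sample)."""
    perms = "".join(f'<uses-permission android:name="{p}"/>' for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{perms}<application>'
            f'<service android:name="{service}"/></application></manifest>')

if __name__ == "__main__":
    suspect = constructed_manifest(PACKAGE, ".killserve", sorted(PERMISSIONS))
    benign = constructed_manifest("com.example.flashlight", ".TorchService",
                                  ["android.permission.WAKE_LOCK"])
    for label, xml in (("suspect", suspect), ("benign", benign)):
        print(label, triage_manifest(xml))
```

A "review" verdict means only one name indicator matched or some permissions are absent, so the sample needs manual inspection before it is attributed to this family.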

Last update 25 March 2015

 
