Here’s something new to worry about over the holidays. Android ransomware attacks have now started — yes, you read that right. Your phone is instantly locked down, “leading to a total takeover.” You’re then issued “a severe warning — failure to comply before 24 hours will result in the destruction of all files in the device.”
The warning comes courtesy of Zimperium, whose zLabs team discovered the new threat. Initially targeting users in Spain, “DroidLock, a malware more accurately classified as ransomware, propagates via phishing websites.”
CISA Warns Microsoft Windows Users—Log Out And Shut Down
Not only does this new ransomware attack threaten to destroy the data on your phone, it can also hijack the front camera and stream your panicked expression live to its handlers. The good news is that you can stop this threat before it takes over your device with one simple, golden rule — never grant any app Accessibility permissions.
As I’ve warned before, these are administrator rights intended for apps to cater for users with specific, special needs. In the wrong hands, they allow all kinds of nasty tricks. In this case, that includes “locking or erasing data, capturing the victim’s image with the front camera, and silencing the device.” But it could read messages and steal contacts.
You Should Stop Texting On Your iPhone Or Android Phone Now
Zimperium says “unlike typical ransomware,” DroidLock “does not actually encrypt files, however, it does have the capability to wipe the device.” And it can “change the PIN, password or biometric information for preventing user’s access to the device.”
This combination of Android and ransomware will generate plenty of headlines over the coming days. But unlike ransomware attacks on PCs and enterprise networks, this is specifically targeted at your device. The usual app rules will keep it at bay, and if you are infected, then the attack is contained.
Is Your Boss Using New Microsoft And Google Updates To Spy On You?
Don’t install apps from outside Play Store. Keep Play Protect enabled at all times. Don’t click links or unexpected attachments in emails or messages. And never log into a website or other platform via any kind of link.
