Sixty-seven percent of Android devices are prone to a newly discovered ransomware variant – the first to employ “clickjacking” as a way to fool users into giving away their administrator rights, Symantec warned today in its Security Response blog.
The malware, Android.Lockdroid.E, is disguised as a porn app called Porn ‘O' Mania. When users download the app, the malware pulls up the phone's system activation dialogue, but hides it behind a fake window asking users to commence a package installation.
Using more fake window overlays, the malware tricks users into clicking on the button that grants admin rights to the malware. This clickjacking technique allows the ransomware to execute a more aggressive extortion attack against the victim, as now the malware can not only encrypt files, but also lock the device, change its PIN and delete user data through a factory reset.