DoubleLocker attacks Android devices

Android users beware: new ransomware is attacking Android gadgets
13 October 2017   2577

Developers of antivirus software from ESET have discovered the first encoder for mobile devices based on Android, which extorts ransom in bitcoins for unlocking the screen. Information about this company was published in the official blog on Habrahabr.

DoubleLocker interface
DoubleLocker interface

Malicious software called DoubleLocker is developed on the basis of a bank trojan, however it is not interested in the victim's finances.

DoubleLocker does not have the functions of collecting user's bank data and erasing accounts, instead it provides tools for extortion. Malware can change the PIN of the device, blocking victim access, and also encrypts all files in the main storage device - we first see such a combination of functions in the Android ecosystem. 

ESET team

 DoubleLocker encrypted files
Files, encrypted by DoubleLocker

DoubleLocker is distributed through compromised sites under the guise of updating or activating Adobe Flash Player. Once on the device, the malware gets the necessary permissions under the guise of enabling the false service Google Play Service.

To unlock the gadget, cybercriminals demand 0.0130 BTC (around $73 at the press time), threatening otherwise to destroy all the data after 24 hours. Nevertheless, according to the, bitcoin-wallet of DoubleLocker is still empty.

DoubleLocker wallet
DoubleLocker wallet

To get rid of DoubleLocker, ESET team recommends:

  • Unplugged device that does not have a mobile device management solution capable of resetting the PIN: the only way to get rid of the lock screen is to reset it to the factory settings.
  • Routed device: the user can connect to the device via ADB and delete the file in which the PIN-code is stored. To do this, user must enable device debugging (Settings - Developer options - USB debugging). The lock screen will be deleted and the user will get access to the device. Then, working in safe mode, the user will be able to deactivate the device administrator rights for the malware and delete it. In some cases, a reboot of the device is required.

Frontend News Digest 1 - 7.02

How to Create a WP Site with JAMstack, formatting dates in JS with Intl.DateTimeFormat, Edge DevTools now supports more languages and more
07 February 2020   366

Greetings! I hope your week went great! Here's new frontend technologies news digest.

Check the MongoDB One-to-Many Relationship tutorial with Mongoose examples, the CO2 emission of the websites new NodeJS update and other interesting things


  • How To Create A Headless WordPress Site On The JAMstack

Tutorial on simple way to create a WordPress site

  • MongoDB One-to-Many Relationship tutorial with Mongoose examples

Guide about Mongoose - the most popular way to use MongoDB from Node.js.

  • Formatting dates in JavaScript with Intl.DateTimeFormat

Check the modern way to format dates in a region friendly way using native APIs, as now supported all major browsers and both Node


  • CO2 emissions on the web

Learn the lever of CO2 emissions websites produce by consuming a lot of energy for its activity

  • Bringing the Microsoft Edge DevTools to more languages

Now Edge's DevTools support more languages


  • Chrome 80 - What’s New in DevTools


  • massCode

Snippets manager for developers

  • micro-jaymock

Tiny API mocking microservice for generating fake JSON data

  • Node v13.8.0 (Current)

Another update of popular solution

  • Electron 8.0.0

Major release of popular JS based solution