Zimperium experts have identified a new malicious campaign targeting Android users.
The detected Trojan, DroidLock, combines ransomware and spyware functions. According to specialists, it spreads through fraudulent websites masquerading as legitimate applications, using a two-step infection scheme. After installation, the software deceitfully gains administrator rights and access to special device capabilities.
The Trojan predominantly targets Spanish-speaking users and can change PIN codes, biometrics, and remotely control the device. Additionally, DroidLock intercepts graphical passwords, records audio, and steals SMS and call contents.
Unlike classic encryptors, DroidLock does not encode files but threatens their physical deletion. Upon command from the server, a ransom demand window appears on the screen.
Researchers have already notified the Android security team, and the Google Play Protect system has learned to recognize and block this threat.
Experts strongly recommended avoiding the download of APK files from third-party resources and being critical of applications requesting device administrator rights.#Write2Earn
