New DroidLock malware threatens Android devices with full control

According to Silicon Angle, a new strain of Android malware dubbed "DroidLock" has been identified, capable of granting attackers extensive control over infected devices. This sophisticated threat leverages social engineering and elevated permissions to bypass security measures.

DroidLock is distributed via phishing websites, tricking users into installing a malicious dropper that then deploys the core payload. The malware aggressively seeks Accessibility Services and device administrator permissions. Once granted, it establishes remote command-and-control via HTTP and WebSocket connections. Unlike typical ransomware, DroidLock does not encrypt files. Instead, it employs coercion by locking devices, displaying fake system update screens, altering authentication credentials, and threatening data loss. It can also harvest credentials through fake login overlays, capture screen activity, activate the device camera, and uninstall applications. While currently targeting mainly Spanish Android users, its advanced capabilities represent a significant threat.

The emergence of DroidLock highlights a concerning evolution in mobile malware. Android users are advised to avoid untrusted app sources and be wary of permission requests. Enterprises should implement robust mobile threat detection, continuous behavioral monitoring, and strong endpoint protection to mitigate risks associated with such advanced mobile threats.
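The permission pairing described above (an Accessibility Service plus device administrator rights, held by an app that did not come from an app store) can be triaged from data a defender already collects. This is an added example, not code from the article or from any vendor. It assumes the accessibility string comes from `adb shell settings get secure enabled_accessibility_services`, the installer list from `adb shell pm list packages -i`, and the device-admin components are supplied as one `pkg/class` per line; all package names are constructed, and the heuristic is a generic triage rule, not a DroidLock signature.

```python
# Constructed sample input (not taken from any real device or from DroidLock).
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.sysupdate/.Helper")
SAMPLE_ADMINS = "com.example.mdm/.AdminReceiver\ncom.example.sysupdate/.AdminReceiver"
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.mdm  installer=com.android.vending
package:com.example.sysupdate  installer=null"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only


def parse_components(text, sep):
    """Return the package names found in a list of 'pkg/class' components."""
    pkgs = set()
    for item in text.strip().split(sep):
        item = item.strip()
        if item and "/" in item:  # skips empty values and a bare "null"
            pkgs.add(item.split("/", 1)[0])
    return pkgs


def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` lines."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition(" ")
        installer = rest.strip().partition("installer=")[2].strip() or "null"
        installers[name] = installer
    return installers


def flag_packages(a11y_setting, admin_components, pm_output):
    """Packages holding accessibility AND device admin, not store-installed."""
    a11y = parse_components(a11y_setting, ":")
    admins = parse_components(admin_components, "\n")
    installers = parse_installers(pm_output)
    return sorted(p for p in a11y & admins
                  if installers.get(p, "null") not in TRUSTED_INSTALLERS)


if __name__ == "__main__":
    print(flag_packages(SAMPLE_A11Y, SAMPLE_ADMINS, SAMPLE_PM))
```

A hit is a prompt for review rather than a verdict: a managed device's MDM agent can legitimately hold both permissions, which is why the installer check is part of the rule.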

Source: Silicon Angle
