Android smartphones attacked by a blocker posing as the Russian Interior Ministry

Wednesday, October 14, 2020, 10:50 GMT

Posing as the Ministry of Internal Affairs, the MalLocker.B blocker abuses operating system mechanisms to cover the device's screen with a warning that cannot be dismissed, demanding a fine for supposedly accessing illicit pages.

The malware blocks Android smartphones with a fake message from the Ministry of Internal Affairs

Threats in the name of the Ministry of the Interior

Microsoft's information security specialists have warned about the discovery of a recent Android malware blocker that abuses some of the functions of this operating system. Notably, the letters demanding a ransom ("fine") are written in Russian and purport to come from the Russian Ministry of the Interior.

AndroidOS/MalLocker.B uses the function that displays information about the source of incoming calls for its own purposes: the malware displays a window that completely covers the smartphone's display. The onUserLeaveHint() callback is then used; it is called when the user attempts to send the current app to the background and switch to another one, i.e. when the Home or Recent buttons are pressed.

As a result, the user is stuck on the ransom screen and cannot switch away from it to anything else. Fortunately, the malware does not encrypt data; it only locks the device.
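Each of the two mechanisms has legitimate uses on its own, so the useful signal for triage is their combination. The following Python rule is an added example, not code from Microsoft or from this article; the per-class API summary format is hypothetical, and mapping the incoming-call display to a call-category notification with a full-screen intent is an assumption.

```python
# Added example: flag apps that combine both mechanisms described in the article.
# Input format (class -> method -> API calls) is a hypothetical analyzer summary.
# Assumption: the incoming-call display is reached through a call-category
# notification that carries a full-screen intent.
CALL_SCREEN_APIS = {
    "Notification.Builder.setCategory(CATEGORY_CALL)",
    "Notification.Builder.setFullScreenIntent",
}
RELAUNCH_APIS = {"Context.startActivity", "ActivityManager.moveTaskToFront"}


def triage(classes):
    """Return (verdict, reasons) for one app's API-call summary."""
    app_calls, reasons, relaunch = set(), [], False
    for cls, methods in classes.items():
        for method, calls in methods.items():
            app_calls.update(calls)
            # Bringing an activity back from inside onUserLeaveHint() defeats
            # the Home and Recent buttons.
            hits = RELAUNCH_APIS.intersection(calls)
            if method == "onUserLeaveHint" and hits:
                relaunch = True
                reasons.append(f"{cls}.onUserLeaveHint calls {sorted(hits)}")
    call_screen = CALL_SCREEN_APIS <= app_calls
    if call_screen:
        reasons.append("call-category notification with full-screen intent")
    if call_screen and relaunch:
        return "locker-pattern", reasons
    if call_screen or relaunch:
        return "single-mechanism", reasons
    return "none", reasons


# Constructed summaries, not taken from real apps or from the malware sample.
SAMPLES = {
    "voip_app": {"CallService": {"showIncoming": sorted(CALL_SCREEN_APIS)}},
    "video_player": {"PlayerActivity": {
        "onUserLeaveHint": ["Activity.enterPictureInPictureMode"]}},
    "suspect_app": {
        "NotifyHelper": {"show": sorted(CALL_SCREEN_APIS)},
        "MainActivity": {"onUserLeaveHint": ["Context.startActivity"]}},
}

if __name__ == "__main__":
    for name, classes in SAMPLES.items():
        print(name, *triage(classes))
```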

The ransom demand itself takes the form of an accusation of visiting child abuse sites, accompanied by a demand for a fine in exchange for the "criminal case" being closed.

MalLocker.B is distributed through forums and unofficial stores offering numerous dubious apps. Fortunately, those apps have not made it to Google Play.

An unoriginal strategy

"In this situation, the cybercriminals did not invent anything: fake letters allegedly from law enforcement officials are so widespread that it is almost shocking that anyone still fell for such a primitive trick," says Anastasia Melnikova, information security specialist at SEC Consult Services. "However, the sequential operation of two operating system mechanisms at once to lock the computer is a very original and productive solution. Another thing is that not being targeted is easy: it is enough to comply with simple mobile device security requirements and not install anything from unverified sources."