ESET Researchers Discover First-Ever Ransomware Misusing Android Accessibility Services

Next story

ESET researchers have discovered DoubleLocker, an innovative Android malware that combines a cunning infection mechanism with two powerful tools for extorting money from its victims.

“DoubleLocker misuses Android accessibility services, which is a popular trick among cybercriminals. Its payload can change the device’s PIN, preventing the victim from accessing their device and encrypts the victim’s data. Such a combination hasn’t been seen yet in the Android ecosystem,” comments Lukáš Štefanko, ESET Malware Researcher who discovered DoubleLocker.

On top of being ransomware, DoubleLocker is based on the foundations of a particular, already documented banking Trojan. According to Štefanko, the functionality for harvesting users’ banking credentials and wiping out their accounts can be added easily.  

“The additional functionality will turn this malware into what can be called ransom-banker,” warns Lukáš Štefanko, who claims he spotted a test version of such a ransom-banker in the wild in May 2017.

For more details, read an article on DoubleLocker at ESET’s official blog, WeLiveSecurity.

About ESET

Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 200 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit or follow us on LinkedInFacebook and Twitter.