ESET Discovers First Android PIN-setting Ransomware Spreading in North America

LockerPIN resets the device’s PIN, locks the screen and demands a $500 ransom

Researchers from ESET, a global leader in IT security for more than two decades, discovered the first in-the-wild Android PIN-setting ransomware.

“Based on ESET’s LiveGrid® statistics, 75 percent of the infected Android devices are in the U.S.,” says ESET Detection Engineer Lukáš Štefanko. “This is part of a trend where Android malware writers are shifting from mostly targeting Russian and Ukrainian users to Americans where they can arguably make higher profits.”

LockerPIN spreads via unverified third-party app stores, warez forums and torrents. After a successful installation, the Trojan horse tries to obtain device administrator privileges by overlaying the system message with its own window and masquerading as an “update patch installation.”

Even if the Trojan is removed, there is no simple way to change the PIN for unrooted devices that aren’t protected by a security solution. The only solution is a factory reset, which results in loss of all data. To add insult to injury, even if the user pays the ransom, the attackers cannot unlock the device as the PIN is set randomly.

To prevent infection, ESET strongly advises using an Internet security solution designed specifically for Android smartphones and tablets, such as ESET Mobile Security. Users should also regularly back up their files and only download apps from certified app stores, such as Google Play or Amazon App Store.

“You can save a few dollars by downloading the application from unverified sources, but always keep in mind it can result in data or privacy loss, usually of a much bigger emotional or financial value,” adds Štefanko. Read more about #LockerPIN on and follow the evolving story on social media using hashtag #LockerPIN.
About ESET
Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit or follow us on LinkedIn, Facebook and Twitter.