Mobile malware accepts iTunes gift cards as ransom

Mobile malware accepts iTunes gift cards as ransom

Under the guise of real applications for Android devices is widely distributed mobile extortion Android/Locker.B The principle of this extortion is changing the PIN of the lock screen.

Android/Locker.B refers to a family of malicious programs that block access to the operating system of a device that has undergone a virus attack. The malware is masked for different applications: Dropbox or Flash Player, program for working with the camera in WhatsApp or antivirus for Android.

After installing on a smartphone or tablet, a malicious application requests administrator rights to the device. Having received the necessary permissions, the malware block access to the operating system, changing the PIN of the lock screen. Further Locker.B displays a demand for redemption, designed in the classic style of "police extortionists."


The amount of redemption varies - 25 or 50 dollars or euros. It is interesting that the attackers take ransom with iTunes gift cards and provide victims with detailed instructions for their purchase and use.

This version of the extortionist is most active in Latin America especialy in Mexico. Nevertheless, it will not be difficult for attackers to reorient the threat to other regions.

Recommendations for the prevention of infection:

  • Download software only from Google Play, because most malware is distributed through third-party sites
  • check user reviews and application rating - malicious programs are placed in the store for a short time and do not have time to collect a lot of downloads
  • disable the ability to install applications from unknown sources
  • pay attention to requests for device administrator privileges or activation of the Accessibility Service
  • use reliable anti-virus software