New Banking Malware Reverts To Ransomware When You Try To Remove It

We’ve discussed this before. Sometimes, however, we need a reminder. If you install applications on any of your devices and they ask for administrator permissions, you should think long and hard about whether or not that app needs so much access. A new Android banking Trojan, being called LokiBot uses the administrator access that is given when a user is duped into using a fake login screen for various mobile banking apps. And when the user figures it out and tries to remove administrator access, LokiBot morphs into ransomware and locks up the device.

There are very few instances where administrator rights are needed for an application to function properly. In most cases, those are never needed and should not be granted unless you are absolutely sure it is necessary. Administrator rights are basically the keys to your mobile device castle. It allows access to everything. There is no reason the vast majority of apps need those permissions, so don’t grant them. It’s easy to just hit the “next” button and rush through an installation, particularly when you’re busy or in a rush. Just take a minute to consider what an app is requesting so you don’t give up your banking credentials or other sensitive data to a cyberthief.

In addition, back up your devices to your computer, to the cloud, or to an external device. After the initial setup, this usually takes only a few minutes and can save you a lot of headaches if you end up with ransomware on your smartphone or tablet. If you don’t know how to do this, ask a technical support representative that is knowledgeable about your device.

Fortunately, the implementation of LokiBot is poorly done, according to SfyLabs and it doesn’t encrypt the files. The bad news is that it still locks up the screen with a note to pay between $70 and $100 to unlock it. Should this happen to you, don’t pay the ransom. Instead reboot the device into Safe Mode and remove the LokiBot admin user and the infected app.

LokiBot also targets popular apps such as Outlook and the chat app WhatsApp. So always be on alert when installing or using your apps.

© Copyright 2017 Stickley on Security