DoubleLocker is the first-ever ransomware to abuse the Android accessibility feature that implements alternative ways to interact with a mobile device.

DoubleLocker, the name says it all, is a new malware that not only encrypts the Android mobile devices but also changes PIN lock, making it almost impossible for victims to get their files back without paying a ransom.

How does DoubleLocker get to Android users?

This horrible strain of Android ransomware, according to the researchers who detected it in May, is distributed as a fake Adobe Flash Player update via compromised websites.

Once downloaded onto the device, the fake Adobe Flash app asks for activation of ‘Google Play Services’ exploiting a series of permissions via accessibility services.

How does it work?

After the malware obtains the accessibility permissions, it uses them to grant itself admin rights to the phone. Then it sets itself as the default Home application without the user’s consent.

As soon as the home button is pushed, the malware activates itself and launches two separate attacks. One attack is to change the device’s PIN, making it impossible for victims to access their device. In addition to the PIN change, the malware also encrypts all the data it has access to on the device.

DoubleLocker, then, presents a home screen message detailing how victims can pay the ransom to get their files back.

How To Remove DoubleLocker Malware

As of now, the only way to get rid of the malware is through a factory reset, which means of course that all files are lost.

How to protect your device

Always be sure you know what you are downloading onto your device, and be extremely careful about what permissions you’re granting your applications.