Named AndroidOS/MalLocker.B, the ransomware is hidden inside Android apps offered for download on online forums and third-party websites.
Android ransomware has traditionally locked the screen by abusing accessibility services or by using drawing permissions to draw and redraw overlay windows on top of every other app.
The ransomware Microsoft observed, which it calls AndroidOS/MalLocker.B, takes a different approach. It invokes and manipulates the notification that the system normally shows when you receive an incoming phone call.
The researchers also found a machine learning module in the malware samples they analyzed that could be used to automatically size and zoom the ransom note image to fit the dimensions of a victim's device display. Given the variety of Android handsets in use around the world, such a feature would be useful to attackers for ensuring that the ransom note is displayed cleanly and legibly. Microsoft found, though, that this ML component was not actually activated in the ransomware and may still be in testing for future use.
The ransomware works in two steps. First it abuses the incoming-call notification, and second it abuses push notifications together with the app-switching behaviour so that the ransom screen comes back whenever the user tries to move away from it.
Microsoft researchers found that the ransomware was designed to mask its functionality and purpose. Every Android app must include a "manifest file" that contains the names and details of its software components, like a ship's manifest that lists all passengers, crew, and cargo. Aberrations in a manifest file are often an indicator of malware, and the ransomware developers managed to leave out the declarations for numerous components of theirs.
Instead, they encrypted that code to make it even harder to analyze and hid it in a different folder, so the ransomware could still run but would not immediately reveal its malicious intent. The hackers also used other techniques, including what Microsoft calls "name mangling," to mislabel and conceal the malware's components.
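An encrypted payload stashed in a folder the manifest never mentions leaves a simple static fingerprint: a large file whose bytes look random but whose name and location do not belong to a format that is expected to be compressed. The following Python script is an added example, written for this page rather than taken from Microsoft's report or its tooling; it walks an APK (which is just a zip archive), computes the Shannon entropy of each entry, and flags the ones that look like hidden ciphertext. The sample APK it builds, the file names in it, and the XOR "encryption" are all constructed inside the script for illustration (a real manifest and dex are binary, and real payloads may be split or padded to dodge a check like this).

```python
"""Triage an APK for hidden high-entropy blobs (constructed, stand-alone example)."""
import io
import math
import os
import random
import zipfile
from collections import Counter

# File types whose contents are legitimately near-random (already compressed
# or otherwise dense); skipping them keeps the report free of false positives.
KNOWN_COMPRESSED = {".png", ".jpg", ".jpeg", ".webp", ".gif", ".mp3", ".ogg",
                    ".mp4", ".ttf", ".otf", ".gz", ".zip", ".dex", ".arsc"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def suspicious_entries(apk_bytes: bytes, threshold: float = 7.5, min_size: int = 1024):
    """Return [(name, entropy)] for entries that look like an encrypted payload
    stashed in the archive: reasonably large, near-random, and not a format
    that is expected to be compressed."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size < min_size:
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in KNOWN_COMPRESSED:
                continue
            h = shannon_entropy(zf.read(info))  # entropy of the decompressed bytes
            if h >= threshold:
                hits.append((info.filename, round(h, 2)))
    return sorted(hits)


def _fake_encrypt(plaintext: bytes, seed: int = 7) -> bytes:
    """XOR with a seeded pseudo-random keystream. A stand-in for real encryption:
    all that matters here is that the output is indistinguishable from random bytes."""
    rng = random.Random(seed)
    return bytes(b ^ rng.getrandbits(8) for b in plaintext)


def build_sample_apk() -> bytes:
    """Constructed APK-shaped zip. Text placeholders stand in for the binary
    manifest and dex; one asset is 'encrypted' so it reads as near-random."""
    # Repetitive placeholder code, so the cleartext version would be low-entropy.
    hidden_code = b"class Locker { void show() { /* ... */ } }\n" * 100
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='com.example.app'/>\n" * 40)
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 4096)
        zf.writestr("res/values/strings.xml",
                    b"<resources><string name='app'>app</string></resources>\n" * 40)
        zf.writestr("assets/config.json", b'{"lang": "en", "theme": "dark"}\n' * 60)
        # Random-looking but a known image extension, so it is skipped on purpose.
        zf.writestr("assets/splash.png", _fake_encrypt(b"\x89PNG" + b"\x00" * 4000, seed=3))
        # The hidden payload: a generic name in the assets folder, encrypted.
        zf.writestr("assets/cache.dat", _fake_encrypt(hidden_code))
    return buf.getvalue()


if __name__ == "__main__":
    for name, h in suspicious_entries(build_sample_apk()):
        print(f"{h:5.2f}  {name}")
```

Run against a real sample, the interesting output is the list of flagged names; compare them with the components the manifest actually declares and with what the app's code opens at runtime. The 7.5 bits-per-byte threshold is a heuristic rather than a rule: compressed JSON, font files and some native libraries sit close to it, so treat a hit as a lead for dynamic analysis rather than a verdict.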