JAKARTA - Cybersecurity threats to Android devices are on the rise again. A ransomware variant called DroidLock is reported to have started targeting Android users with an unusual method: instead of encrypting files, it takes full control of the phone and turns it into a digital surveillance tool.
A report from the cybersecurity company Zimperium states that DroidLock spreads through phishing sites that masquerade as official applications belonging to telecommunications operators or well-known brands. Currently, the main target of this malware is Spanish-speaking users, although researchers assess that it could spread to other regions.
Once installed, this malicious application requests Accessibility Services and Device Administrator permissions. These two permissions provide high-level access to the Android system. Once the permissions are granted, the attacker practically holds full control over the victim's device.
Unlike conventional ransomware, DroidLock does not encrypt files. This malware uses screen overlays and abuses administrator rights to lock the screen, change the PIN, delete data, and enable remote control via VNC.
The victim will see a message on the screen demanding a ransom payment via email within 24 hours, accompanied by threats of permanent data loss.
The threat does not stop there. DroidLock is also designed to steal banking credentials by recording the user's screen, including capturing one-time passwords (OTP). This malware can even turn on the camera, spy on user activity, mute calls, and perform a factory reset remotely. In practice, the victim's phone turns into a spy device.
Security experts emphasize that prevention remains key. Users are advised to only download apps from the Google Play Store, check developer reviews, and pay attention to the permissions the app requests before installation. The Accessibility Services permission needs special attention because it gives extensive control over the device.
In addition, keeping the Android operating system up to date is very important because regular updates bring security patches that close the gaps malware can exploit. Users are also asked to be alert to suspicious links sent via email or messaging apps, and to avoid downloading APK files from untrusted sources.
For companies, the risk of DroidLock is considered more serious because infected devices can intercept corporate OTPs or delete important work data. Although no protection is completely foolproof, simple digital discipline can serve as a first line of defense. In an era when mobile phones are personal safes, one wrong permission can lead to full control in the hands of cyber criminals.
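For teams that vet APKs before allowing them on managed devices, the permission pairing described above can be checked statically. The following is an added example, not code from Zimperium or from the original article: it assumes the manifest and device-admin policy file have already been decoded to plain XML (for instance with a tool such as apktool), and the sample XML, component names and finding labels are constructed for illustration. Many legitimate apps declare an accessibility service, so the output is a triage signal rather than a verdict.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
DEVICE_ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
# Device-admin policies that correspond to the behaviours the article lists:
# locking the screen, changing the PIN, and wiping data / factory reset.
RISKY_POLICIES = {"force-lock", "reset-password", "wipe-data"}

# Constructed sample input (hypothetical package and component names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <application>
    <service android:name=".OverlayService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
SAMPLE_POLICY = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies><force-lock/><reset-password/><wipe-data/><disable-camera/></uses-policies>
</device-admin>"""

def audit(manifest_xml, admin_policy_xml=None):
    """Return (label, details) findings for a decoded manifest and optional policy file."""
    app = ET.fromstring(manifest_xml).find("application")
    findings = []
    if app is None:
        return findings
    services = [s.get(NS + "name") for s in app.findall("service")
                if s.get(NS + "permission") == ACCESSIBILITY_PERM]
    admins = [r.get(NS + "name") for r in app.findall("receiver")
              if r.get(NS + "permission") == DEVICE_ADMIN_PERM]
    if services:
        findings.append(("accessibility-service", services))
    if admins:
        findings.append(("device-admin", admins))
    if services and admins:  # the pairing the article describes
        findings.append(("combined-control", services + admins))
    if admin_policy_xml and admins:
        policies = ET.fromstring(admin_policy_xml).find("uses-policies")
        used = {p.tag for p in policies} if policies is not None else set()
        risky = sorted(used & RISKY_POLICIES)
        if risky:
            findings.append(("risky-admin-policies", risky))
    return findings

if __name__ == "__main__":
    for label, details in audit(SAMPLE_MANIFEST, SAMPLE_POLICY):
        print(label, details)
```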