Written By Shubham Arora
Published By: Shubham Arora | Published: Dec 13, 2025, 11:12 AM (IST)
A new type of Android malware is being used to attack Spanish-speaking users by preventing them from accessing their devices. The malware, called DroidLock, was highlighted in new research by mobile security firm Zimperium. According to the report, attackers are using phishing websites dressed up as legitimate Android download pages to trick users into installing fake apps. What looks like a regular app actually works as a dropper, quietly loading a second, malicious component in the background.
Once DroidLock is activated, it can take complete control of the device. The phone gets locked behind a ransom message telling the user that all files will be deleted within 24 hours unless a payment is made. While the malware does not encrypt data, researchers say it can change the device PIN, password or biometric settings, making the phone inaccessible. The malware also uses device administrator privileges to wipe data, mute notifications, and even capture photos through the front camera without the user’s knowledge.
Researchers note that DroidLock displays a fake Android update screen to prevent users from interacting with the phone while it carries out malicious actions in the background. It can also record and transmit the victim’s on-screen activity to a remote server. However, Zimperium has not disclosed the number of devices affected or whether victims have paid the ransom demand.
Researchers had earlier raised concerns about Herodotus, a banking trojan discovered in October that mimics human gestures during remote-control attacks to avoid detection. Another strain, Sturnus, was recently found intercepting decrypted chats from apps such as WhatsApp, Telegram, and Signal.
Security teams have issued a warning about DroidLock and are encouraging users to remain vigilant when downloading applications from untrusted sources. Users must verify the permissions an application requests before proceeding with installation.