Security researchers from SfyLabs have detected an Android banking trojan dubbed LokiBot that transforms itself into a complete ransomware once the targeted user attempts to uninstall it from the infected device.
LokiBot malware has been in the news since June and its makers have been pushing out new features almost every week.
Once the malware infects an Android device, it begins displaying overlay screens on top of banking and other common applications in an attempt to fool users into handing over their data. The malware targets about 100 banking apps and popular applications such as WhatsApp, Skype and Outlook.
According to researchers:
LokiBot, which works on Android 4.0 and higher, has pretty standard malware capabilities, such as the well-known overlay attack all bankers have. It can also steal the victim’s contacts and read and send SMS messages. It has a specific command to spam all contacts with SMS messages as a means to spread the infection.
The researchers also said that the malware has an option to lock the phone preventing the user from accessing it. It does that by locking the infected device, encrypting all of its files and asking for a ransom of $70 – $100 in Bitcoin within 48 hours.
Users are recommended not to install third-party apps or useless apps on their device.