Tuesday, February 23, 2016

Android Ransomware uses Google's Material Design to trick users

Malware devs are getting more creative and complex with their ransomware. They even stole Google's Material Design and an open-source project to create the lockscreen's user interface, which allows them to display fake legal notices and retrieved device logs to make their ransom letter look highly legit.


First of all, what's this Material Design that you speak of?
This is a design language developed by Google in 2014 that uses grid-based layouts, responsive animations, depth effects and spacing to provide a unified user experience across all of Google's services. Other developers can also implement this design in their apps by using Google's resources and open-source projects.


How does the malware dev create their fake user interface?
It seems like the malware devs have used MaterialDrawer, a popular open-source project used to build part of the lockscreen's 'Material Design'-based user interface.


What is this malware and how does it work?
Android.Lockdroid.E is a lockscreen ransomware created to use Google's Material Design to make the threat look very intimidating to the user.

Once the user installs Android.Lockdroid.E's app, the malware retrieves all of the infected device's logs (be it call logs, SMS activity, and browser activity) and then locks the infected device's screen by displaying a ransom notice on the lockscreen. The notice, which uses Google's Material Design, indicates that the user has accessed prohibited content and that their device logs have been captured by law enforcement. The notice even includes the infected device's retrieved log data as options in the lockscreen's menu to act as 'proof' that the user has been involved with illegal behavior.


Android.Lockdroid.E's Material Design implemented

The malware offers options which include: the ransom notice, fraudulent legal information and the gathered log data.


Android.Lockdroid.E's sample notice and gathered user logs



There are two ways a user can be infected with this malware:
  • The user has downloaded a free software package on their device which includes a popular browser hijacker that redirects the user to sites that host the ransomware.
  • The ransomware disguises itself as a legitimate video app, usually found on third-party app stores.
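A defender-side triage check for the behaviour described above, as an added example that is not from this post or the referenced write-up: it reads a decoded AndroidManifest.xml (for example, as produced by an APK decoding tool) and flags an app listed as a video app that requests read access to call logs, SMS and browser history. The mapping from log types to Android permissions, the function names and the sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption (not from the article): permissions that gate each log type it names.
LOG_PERMISSIONS = {
    "call logs": {"android.permission.READ_CALL_LOG"},
    "SMS activity": {"android.permission.READ_SMS"},
    "browser activity": {"com.android.browser.permission.READ_HISTORY_BOOKMARKS"},
}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = {el.get(ANDROID_NS + "name") for tag in tags for el in root.iter(tag)}
    return names - {None}  # drop entries that lack an android:name attribute

def triage(manifest_xml, store_category):
    """Flag an app listed as a video app that can read all three log types."""
    perms = requested_permissions(manifest_xml)
    cats = sorted(c for c, needed in LOG_PERMISSIONS.items() if perms & needed)
    flag = store_category == "video" and len(cats) == len(LOG_PERMISSIONS)
    return {"log_categories": cats, "flag_for_review": flag}

# Constructed sample manifests with hypothetical package names.
SUSPECT = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.videoplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission
      android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
</manifest>
"""
BENIGN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.cleanplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>
"""

if __name__ == "__main__":
    for label, manifest in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(manifest, "video"))
```

A hit is a reason to review the app before installing it, not proof that it is this ransomware.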






Article Refs: https://www.symantec.com/connect/blogs/android-ransomware-uses-material-design-scare-users-paying-ransom and https://en.wikipedia.org/wiki/Material_Design (ref. for Google's Material Design)
