Anyone out there still trust Adobe Flash Player? "DoubleLocker can change the device’s PIN, preventing victims from accessing their devices, and also encrypts the data it finds in them – a combination that has not been seen previously in the Android ecosystem. [...] It is distributed mostly as a fake Adobe Flash Player through compromised websites. First, it changes the device’s PIN, effectively blocking the victim from using it. The new PIN is set to a random value which the attackes neither store nor send anywhere, so it’s impossible for the user or a security expert to recover it. After the ransom is paid, the attacker can remotely reset the PIN and unlock the device. Second, DoubleLocker encrypts all files from the device’s primary storage directory. It utilizes the AES encryption algorithm, appending the extension “.cryeye”. “The encryption is implemented properly, which means that, unfortunately, there is no way to recover the files without receiving the encryption key from the attackers,” says Štefanko. https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-ma... -------------------------------------------- Q: Why is this email five sentences or less? A: http://five.sentenc.es