Overview
- DroidLock grants attackers full remote control via VNC, enabling screen streaming and use of the front camera.
- Deceptive overlays harvest screen unlock patterns and app credentials, allowing lockouts and persistent access.
- Researchers detail 15 command-and-control functions and abuse of Device Admin and Accessibility to wipe devices or change PINs and passwords.
- A ransomware-style WebView demands contact via a Proton email and threatens file destruction within 24 hours despite no file encryption.
- Zimperium shared indicators with Google, and Play Protect is reported to detect and block the malware on updated devices as users are urged to avoid sideloading.