Emerging Threats

New variant of Android ransomware takes advantage of the lockscreen's user interface

Written by a NortonLifeLock employee


A new variant of Android ransomware has been discovered, which is displayed on the lockscreen’s user interface (UI). This threat,Android.Lockdroid.E, creates a lockscreen that appears more sophisticated and official by displaying fraudulent legal notices coupled with personal information gathered from the device. By using the information collected the ransom notice appears personally tailored to the victim. The malware also uses this flaw to display the personal data that it collects through an easy-to-access, official looking menu. These elements help the ransomware intimidate the victim into making the payment.

Android.Lockdroid.E compromises devices in one of two ways:

  • The user downloads a free software package on their device, which includes a popular browser hijacker. This hijacker then redirects the victim's search results to compromised sites hosting the Android ransomware.
  • The ransomware is disguised as a legitimate video app and is made available on unofficial app stores.

Once the Trojan has gained access to the device and is executed, it collects as much personal information it can upon launch. The sensitive information that is collected includes call records, SMS activity, and browser history. Once collected, the threat will then lock the device from use, using the new ransom notice on the lockscreen. The ransom then claims that the user has accessed prohibited content and that their device logs are in law enforcement’s custody.

Android.Lockdroid.E is not present or spread through the Google Play store, and is another example of why users should only download Android apps from a trusted source.

How To Stay Safe From This Threat

  • Keep your device’s software up to date.
  • Do not download apps from untrusted and unfamiliar sites.
  • Pay close attention to the permissions requested by an app. If it seems illogical that an app would request access to a part of the phone not needed for the app to function, such as a flashlight app requesting access to your address book, you might want to think twice about downloading that app.
  • Install a suitable mobile security app.
  • In the event that ransomware strikes, make sure you have made frequent backups of important data.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.