New Android Threat: “DroidLock” Malware Spreads Through Fake Apps and Can Take Over Your Phone

A dangerous new Android malware named DroidLock is spreading through fake apps—and it can completely take control of your device. Security researchers warn that DroidLock can lock your phone, demand ransom, steal personal data, and even wipe everything on your device.

What Is DroidLock? A Fast-Spreading Android Malware

Cybersecurity experts at Zimperium discovered the malware, noting that it is currently targeting Spanish-speaking Android users. The attack begins with fake websites that promote harmful apps disguised as safe downloads.

Once installed, these apps silently deliver the real malware onto the user’s phone.

How the Infection Works

The attack uses a dropper app that tricks users into installing a second, malicious app. Once the malware is in place, it asks for Device Admin and Accessibility permissions—settings many users grant without realizing the risk.

With these permissions, DroidLock gets full control of the device, allowing it to:

Lock the screen

Change the PIN, pattern, or password

Disable biometric unlock

Wipe all data

Use the camera

Mute the phone

Uninstall apps

Trigger a factory reset

This makes it nearly impossible for victims to regain access.

you may also like to read Microsoft Faces Backlash for Leaving

15 Powerful Commands Make DroidLock Extremely Dangerous

Researchers say DroidLock supports 15 different remote commands, including:

Screen overlays

App blocking

Fake notifications

Ransomware activation

The most alarming feature is its ransomware mode, which displays a WebView warning telling victims to contact the attacker via ProtonMail. The message claims files will be deleted within 24 hours unless a ransom is paid.

Although DroidLock does not encrypt files, it can still lock the victim out of their phone—creating intense pressure to pay.

DroidLock Can Steal Your Unlock Pattern

One of its most advanced capabilities is the ability to steal lock patterns. It does this by placing a fake lock screen overlay over the real one. When the user draws their pattern, the malware records it and sends it to the attacker.

With this information, the attacker can remotely access the device using VNC tools and take full control at any time.

Google Takes Action—but Some Users Are Still at Risk

Because Zimperium is part of Google’s App Defense Alliance, the company quickly shared its findings. Google has now updated Play Protect to detect and block DroidLock.

However, users with outdated devices or those who download apps from outside the Play Store remain vulnerable.

How to Protect Your Android Device

Experts recommend the following safety steps:

Avoid installing apps outside the Google Play Store

Review app permissions carefully

Run regular Play Protect scans

Keep your device updated

Stay alert when apps request admin or accessibility access

you may also like to read DDR5 RAM Prices Explode: Scalpers Push Some Kits Over $2,000

Stay Vigilant—Mobile Threats Are Evolving Fast

DroidLock is another reminder of how quickly mobile malware is advancing. Android users should stay cautious, download only trusted apps, and regularly review their device’s security settings.