A dangerous new Android malware is actively targeting users worldwide. Called DroidLock, this malware locks smartphones and demands a ransom from victims. Security researchers recently discovered this sophisticated, quiet threat. It uses device-locking tactics and extortion messages to coerce payments.
The malware threatens to erase data or render the device completely unusable. Victims receive a deadline, often within 24 hours, to pay the ransom. DroidLock primarily spreads through deceptive phishing websites and fake applications. These appear legitimate but trick users into installing a malicious “dropper” program.
Once installed, the malware seeks extensive permissions on the device. It aims to take full control of the phone’s screen and security settings. Unlike traditional file-encrypting ransomware, DroidLock uses a different method. It deploys a ransomware-style overlay that blocks the entire user interface.
🚨 New DroidLock Malware Locks Android Devices and Demands a Ransom Payment
Source: https://t.co/jV7Nc4EuoC
A dangerous new malware called DroidLock is targeting Android users, particularly in Spanish-speaking regions, through phishing websites.
This threat combines… pic.twitter.com/VHXv8jFgQJ
— Cyber Security News (@The_Cyber_News) December 12, 2025This overlay impersonates a critical system message. It instructs victims to contact the attacker via a specific email address. They must provide their device identifier to begin the extortion process. Analysis by mobile security firm Zimperium reveals additional malicious capabilities.
DroidLock can change the device’s lock pattern, password, or biometric settings. This makes it extremely difficult for victims to regain access independently. The malware may also secretly record screen activity. It can even activate the camera to capture images for further blackmail.
⚠️ThreatLabz has identified another malicious Android app in the Google Play Store that is still currently live with over 50K downloads. The app is disguised as a document reader / file manager, but actually downloads the Anatsa trojan. The IOCs below can be used to identify this… pic.twitter.com/XlhXvgv5Ko
— Zscaler ThreatLabz (@Threatlabz) December 8, 2025The emergence of DroidLock highlights the rapid evolution of mobile threats. These threats are increasingly capable of bypassing default device security guardrails. To protect against such malware, experts urge users to follow key security practices.
Avoid installing applications from untrusted third-party sources. Do not click on unknown or suspicious links received via messages or email. Always keep your device’s operating system up to date with the latest security patches. These simple steps significantly reduce the risk of infection.
