The “SpyLocker” Malware in Android – What you Need to Know


The SpyLocker Malware is the latest threat to Android users and we’ve detailed the information you need to know, to help you keep your device protected. Additionally, our latest app will help you scan, detect, and remove SpyLocker malware if your device is infected. You can download it here

What is SpyLocker Malware?

A few days ago, SpyLocker (SpyAgent), a new Android banking malware that targets customers of large banks in Australia, New Zealand and Turkey, was detected. This banking malware steals login credentials from 20 mobile banking apps using fake login screens.












SpyLocker (SpyAgent) is a new and sophisticated Android threat that collects data on your device and sends it to a server. SpyLocker passes itself off as “Flash Player” with a legitimate icon. This malware generates an overlay to cover the launched banking application login screen. It behaves like a lock screen, which can’t be skipped unless you enter your online banking credentials. Once you enter your bank details and passwords, the information is recorded and passed to the server of cybercriminals. SpyLocker not only focuses on mobile banking apps, but also tries to obtain your Google, Skype, eBay, and PayPal account credentials. The malware can even bypass two-step authentication by sending all received texts (SMS) to the server. This allows the attacker to intercept all text messages from the bank and immediately remove them from the client’s device, so as not to attract any suspicion.

If attempts to delete the fake Flash Player are made, a false overlay message will claim that the “Administrator will be deactivated”. This false warning blocks access to deactivate the device administrator privilege so you will not be able to complete the uninstall.

What versions of Android are affected?

SpyLocker malware can affect all Android devices running Froyo 2.2 or above. New variants are being discovered, which can target even the latest devices.

How does McAfee SpyLocker Remover work?

McAfee SpyLocker Remover is designed to scan your Android device and remove SpyLocker malware if detected. If the fake Flash Player is found, you will be redirected to deactivate the Device Administrators privilege for malware. McAfee SpyLocker Remover will prevent the malware from blocking access to the Device Administration list. Once you successfully deactivate the Flash Player from the list, you can uninstall the malware via Settings > App/Application Manager > Flash Player > Uninstall.







How should I determine if my device is vulnerable?

There are few ways to confirm if your Android device is infected with SpyLocker malware:

  1. Download McAfee SpyLocker Remover and initiate a device scan. The scan will alert you if your device is infected.
  2. Check Device Administrators found under Settings > Security >Device Administrators and look for Flash Player. If you can’t remove it from the administrators list and you are blocked by an overlay screen, your device is infected. 

Additional Protection

Although SpyLocker malware is only available from untrusted third party sources, your device may still be infected if you accidentally download malware by clicking suspicious URLs. McAfee Mobile Security provides real-time protection to detect malware and alerts you if you need to remove the malware. To stay protected from a variety of mobile attacks, including SpyLocker, download the McAfee Mobile Security:












To keep up with the latest security threats, make sure to follow @IntelSec_Home on Twitter and like us on Facebook.




Leave a Comment

three × 1 =