Menu
File-encrypting Android ransomware 'Simplocker' targets English-speaking users

File-encrypting Android ransomware 'Simplocker' targets English-speaking users

The malware was updated to use FBI-themed alerts and encrypt backup files, researchers from ESET said

A ransomware threat that encrypts files stored on the SD memory cards of Android devices has been updated to target English-speaking users with FBI-themed alerts.

The malware app is called Simplocker and was first identified by security researchers from antivirus vendor ESET in early June. At the time it was the first malicious program for Android devices that used file encryption to extort money from victims.

The original variant was indicative of a work in progress and displayed ransom notes exclusively in Russian, but that has changed recently. Simplocker is now being sold on underground forums and actively distributed to users, so it's no longer just a proof of concept, the ESET security researchers said Tuesday in a blog post.

A new variant found recently displays a message to victims in English that masquerades as an alert from the U.S. Federal Bureau of Investigation about illegal pornographic content being found on the device. The victims are instructed to pay a so-called fine of US$300 through a payment service called MoneyPak.

In addition to expanding the pool of potential victims by adding English language support, the new Simplocker version also has some other improvements, the ESET researchers said.

The previous list of file types encrypted by the malware included mostly images and documents. The new version also encrypts archive files with the .zip, .7z and .rar extensions.

"Many Android file backup tools (which we strongly recommend, by the way) store the backups as archive files," the ESET researchers said. "In case the user has become infected with Android/Simplocker.I, these backups will be encrypted as well."

So not only will users lose access to their documents and pictures, but they will be unable to restore them from backups stored on the same SD card.

The malware installer masquerades as a Flash video player application and requests to be granted device administrator permissions. This makes the new Simplocker much harder to remove once installed.

The good news is that Simplocker's authors haven't improved their encryption implementation, which relies on a hardcoded key and can therefore be undone. The new variant uses a different key than the original versions, but users are still able to recover their files without paying.

ESET has updated their free Simplocker Decryptor tool to add support for files encrypted by the new malware variant.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags mobilemalwaremobile securitymobile applicationsesetAndroid OS

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.‚Äč

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments