This Android ransomware accuses you of watching child porn

by Jimmy Nicholls | 22 July 2014

New English edition of trojan now comes with friendly warning from the FBI.

SimpleLocker ransomware for Android has been given an English release following a significant update, according to security firm ESET.

A variant of the trojan discovered by the company locks mobile phone files before showing a fake warning from the Federal Bureau of Investigation (FBI) and demanding victims pay $300 to avoid criminal charges of child and animal pornography.

Robert Lipovsky, security intelligence team leader at ESET, said: "From a technical perspective, the file-encrypting functionality remains virtually unchanged, apart from using a different encryption key, but this recent SimpleLocker variant does contain two additional tricks to make the victim's life more miserable."

According to ESET, the virus is now able to encrypt archives such as ZIP, 7z and RAR, a particular problem since backup tools are often stored inside such files.

It also asks for administrator privileges while being installed, potentially giving it the power to alter password policies or remotely wipe other devices, according to Lipovsky.

"As usual, the trojan will use social engineering to trick the user into installing it," he said, showing a screenshot of the virus posing as a Flash video player.

"Our Android SimpleLocker detection statistics until today don't indicate the threat to be widespread in English-speaking countries," he added.

A proof of concept for the malware was originally released in June targeting Russian and Ukrainian mobile users, and has since been circulating on underground forums.

Following its release, Sussex University student Simon Bell decrypted the ransomware after spotting the password hidden in the code.

"Future versions of the ransomware will probably not reveal the decryption password so easily and will likely receive it from the C&C [command and control] server," he said.
