Researchers have discovered what could be the first piece of Android ransomware that encrypts the user’s content on their mobile device before demanding a ransom payment so the victim can regain access to their files.
The new Android Ransonware was discovered by Robert Lipovsky, a researcher from ESET, who posted about the new threat, and outlined the previous examples of Android ransomware.
“The situation has changed however, with this most recent discovery, last weekend, of an Android trojan, detected by ESET as Android/Simplocker,” said the researchers. “This malware, after setting foot on an Android device, scans the SD card for certain file types, encrypts them, and demands a ransom in order to decrypt the files.”
Android/Simplocker however displays a message in Russian which demands a payment of approximately $21 (£12.54). According to Lipovsky, because the payment demand is in Ukrainian hryvnias, the threat is likely targeted against this region.
“Warning, your phone is locked,” says the ransom demand. “The device is locked for viewing and distribution child pornography, zoophilia and other perversions.”
To unlock you need to pay 260 UAH,” the note reads, before providing payment details. “In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!” It promises to unlock your device within 24 hours if payment is made.
And interestingly, it seems that Android/Simplocker.A will also contact its Command & Control server hosted on a TOR domain, and send identifiable information from the device such as IMEI numbers, device models, product and hardware manufacturers, and operating system versions.
Lipovsky says that the ransonware was detected on an app called ‘Sex xionix’, but because this was not found on the official Google Play store, its prevalence should be very low.
It is not clear at this stage what versions of Android are vulnerable.
Last month, BitDefender Labs warned that a new piece of Ransomware known as Koler.A is affecting Android smartphones and tablets. Users browsing porn websites are apparently tricked into installing the application, which poses as a premium video player under the name “BaDoink”.
Once installed, Koler.A uses the device’s IMEI number to find the device’s home location, and sends a message purporting to come from a local police force, which claims the user has accessed “banned pornography” including child porn, and demanding $300 to reactivate the phone.
Earlier this week, Apple’s CEO Tim Cook used his keynote speech at Apple’s Worldwide Developers Conference (WWDC) in San Francisco to lambast Android, saying that many Android users were not using the latest Android OS, which exposes them to all types of security risks because Android “dominates the mobile malware market.”
Are you a security pro? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…