Last year Symantec had found Android.Fakedefender, locks up the device just like Ransomware. The malicious app has been installed on device, user experience varies as the app has compatibility issues with various devices.Ransomware is another well-known type of malware that takes a computer hostage, by denying the user access to their files. Last week ESET discovered an interesting mobile trojan – the first spotting of a file-encrypting ransomware for Android by our detection engineers.
This malware, after setting foot on an Android device, scans the SD card for certain file types, encrypts them, and demands a ransom in order to decrypt the files.
The ransom message is written in Russian and the payment demanded in Ukrainian hryvnias, so it’s fair to assume that the threat is targeted against this region.
The first Android SMS trojans (including Android/Fakeplayer) back in 2010 also originated from Russia.
The malware directs the victim to pay using the MoneXy service for obvious reasons, as it is not as easily traceable as using a regular credit card.
Android/Simplocker.A will scan the SD card for files with any of the following image, document or video extensions: jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypt them using AES.
The Android/Simplock.A sample revealed that we are most likely dealing with a proof-of-concept or a work in progress, the malware is fully capable of encrypting the user’s files, which may be lost if the encryption key is not retrieved.
No comments:
Post a Comment