Simplocker Android Ransomware Now Better, Stronger
An example of Simplocker's new English-language lock screen. Credit: ESET.
Simplocker, the first encrypting piece of Android ransomware, has evolved since it was first discovered two months ago. It now targets U.S. residents, encrypts more files and takes greater control of an infected device.
Bratislava, Slovakia-based security company ESET said in a blog post yesterday (July 22) that the latest versions of Simplocker post messages in English rather than Russian and demand payment in U.S. dollars rather than euros or Ukrainian currency. Worse, the malware now tries to trick victims into granting it device-administrator privileges, making it harder to remove.
When it first appeared, Simplocker could encrypt images, documents and movies stored on an Android phone or tablet's SD card, rendering the files inaccessible. Now it also encrypts archives such as ZIP, 7z and RAR files. As ESET's Robert Lipovsky explained, many Android devices store backups in these file formats; having an attacker encrypt backups would be a problem.
Simplocker usually gets onto Android devices by pretending to be a media player or game, and now also asks users to let it become a device administrator as it installs. ESET provided a screenshot:
An example of how a disguised Simplocker may ask for device administrator rights. Credit: ESET.
Like other "police Trojans," Simplocker puts up a screen masquerading as an official notice from law enforcement, telling the user he or she has been caught possessing illegal pornography and must pay a fine for the device to be "released." Now that Simplocker is in English, the notice looks as if it comes from the FBI, and the fine is $300, payable via a MoneyPak voucher.
Fortunately, the encryption method is "not exactly NSA-grade," according to ESET, although the encryption key appears to have changed. If you've been infected with Simplocker, do not pay the ransom; instead, use ESET's Simplocker Decryptor App or a similar tool from Avast that can be downloaded remotely to a locked phone.
As a general rule, don't download apps from outside the Google Play store, especially from porn sites, which the Simplocker installer likes to hang out on. And never, ever give strange apps administrator privileges on your device.