Watch out pervs: Ransomware holds Android phones hostage

large_6225189039Bad guys have cooked up the first strain of file-encrypting ransomware targeted at smartphones running Android.

Called Android/Simplocker, the malware was spotted by the security firm ESET. Researchers say it works by scanning Android phone’s SD cards looking for certain types of files, before encrypting them and demanding payment to release the data.

The origins of this malware are a dead giveaway, as the ransom demand is written in Russian and payment is demanded in Ukrainian currency. The trick is similar to that of ransomware seen on PCs, with victims being accused of “viewing and distributing child pornography, zoophilia and other perversions”, says ESET. As a result, ‘law enforcement’ has locked-down the phone and demanded payment of a ‘fine’ as punishment for these misdemeanors.

The “unlock fee” is pretty cheap though, as the hackers demand a princely sum of just $16. That’s far less than the $300 demanded by notorious PC ransomware CryptoLocker. In the case of Android/Simplocker, payment has to be sent via the MoneXy eWallet service, which is notoriously difficult to trace.

ESET says the malware is pretty basic, and is likely just a proof-of-concept, which means the creators will probably come up with something nastier later on. However, ESET’s researchers admitted they don’t really understand how the malware spreads. A sample that they probed was discovered in an app called “Sex xionix”, which suggests Android/Simplocker is a Trojan that disguises itself as a legitimate app.

Android/Simplocker is more advanced than another nasty that made headlines recently, the fake security app called Virus Shield, which does absolutely nothing but cost money. It’s also pretty difficult to get rid of, as peg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp and mp4 files are all encrypted with AES. ESET suggests backing up your phone regularly so these files can be recovered.

More information on the threat, including screenshots, can be found at the WeLiveSecurity blog.

RELATED:  DressCode Trojan malware discovered in over 400 Google Play Android apps
photo credit: via photopin cc

Mike Wheatley

Mike Wheatley is a senior staff writer at SiliconANGLE. He loves to write about Big Data and the Internet of Things, and explore how these technologies are evolving and helping businesses to become more agile.

Before joining SiliconANGLE, Mike was an editor at Argophilia Travel News, an occassional contributer to The Epoch Times, and has also dabbled in SEO and social media marketing. He usually bases himself in Bangkok, Thailand, though he can often be found roaming through the jungles or chilling on a beach.

Got a news story or tip? Email


Join our mailing list to receive the latest news and updates from our team.


Join our mailing list to receive the latest news and updates from our team.
Share This

Share This

Share this post with your friends!