UPDATED 00:12 EST / MAY 11 2017

INFRA

New variants of SLocker Android malware target corporate data

A form of ransomware that ran riot across Android apps in 2016 has returned, with more than 400 new versions found in the wild.

SLocker is a form of ransomware that targets employee and corporate data. It was notable when it was discovered not only because it infected thousands of Android devices but also because it was the first Android ransomware to use encryption when hijacking files.

The new versions of SLocker were discovered by mobile security firm Wandera Inc. which found that they’re targeting corporate mobile device fleets through app stores. Described by the company as being “polymorphic,” the new strains are said to have been redesigned to avoid all known detection techniques by using a wide variety of disguises, including altered icons, variations in package names, unique resources and executable files.

Like the old version, the new variants also encrypt files on an Android device, then later demand a ransom in return for a decryption key. However, some variants have expanded further and now can take over administrative rights, giving hackers access to a victim’s microphone, speakers and camera.

“Attacks against the mobile enterprise are becoming increasingly more sophisticated. In an effort to evade detection, attackers have created variations and permutations of their exploits, knowing that security tools struggle to identify each new version,” Wandera Vice President of Product Strategy Michael Covington said in a statement sent to SiliconANGLE. “As a result, defensive solutions must embrace data science and machine learning technologies in order to surface new insights and stay one step ahead of the attackers and zero-day threats.”

Wandera estimates that in 2016, SLocker managed to obtain ransoms from affected companies and users in excess of $10 million. The security firm did not put a figure how much had been paid out as a result of the new versions.

Photo: Christiaan Colen/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU