Security researchers at Slovakia-based Eset have warned Android users to be on their guard for the first file-encrypting piece of malware to target the Google mobile platform.
Dubbed Simplocker, the ransomware's appearance comes hot on the heels of a warning from security firm Trend Micro that criminals have expanded their ransomware campaigns to target Google Android smartphones and tablets.
"This malware, after setting foot on an Android device, scans the SD card for certain file types, encrypts them, and demands a ransom in order to decrypt the files," Eset said.
"After launch, the Trojan will display the following ransom message and encrypt files in a separate thread in the background."
The displayed message is in Russian and demands payment in Ukrainian hryvnias. It goes on to say that once payment is made, the handset will be unlocked within around 24 hours. Victims are asked to pay the ransom using MoneXy services.
"The malware is fully capable of encrypting the user's files, which may be lost if the encryption key is not retrieved," Eset explained.
"While the malware does contain functionality to decrypt the files, we strongly recommend against paying up – not only because that will only motivate other malware authors to continue these kinds of filthy operations, but also because there is no guarantee that the crook will keep their part of the deal and actually decrypt them."
The researchers said they had been expecting such an attack for some 12 months. "Almost exactly one year ago, a hybrid comprising characteristics of a rogue AV and ransomware (the lockscreen type, not a file-encryptor) was discovered, calling itself Android Defender, " they said.
"It had all the typical traits of a fake AV and all the typical traits of a lockscreen ransomware – in that it was not actually that trivial to get rid of when a user was not protected by a mobile antivirus, they had to disable it by booting their device into Safe mode. Eset detects that threat as Android/FakeAV."
Post A Comment:
0 comments: