A new version of Simplocker, the first ransomware that appeared on Android devices, is currently being released, security researchers report.
The first version of the malware was discovered by 2014 from ESE and Kaspersky. Although many versions were released on the internet, they all used a cryptographic method that allowed security researchers to have an antidote in a very short space of time.
The latest version, however, seems to be very sophisticated, according to Avast researchers, who have found that a decryption solution for the infected device can no longer be found, at least not an easy task.
However, over 5.000 unique users are infected only a few days after the release of the new version.
Previous versions of malicious software used a unique key to lock files on victims' devices.
"The new variant, however, locks each device with a 'different key', which makes it impossible to provide a solution that can unlock the infected device, because it requires discovering all the different keys it uses," said Nikolaos Chrysaidos. Avast.
Its dissemination Simplocker is done with the common malware masking method in a legitimate program for the mobile platform.
According to the researchers, the malicious sample uses it as a disguise Flash Player. Οι εγκληματίες του κυβερνοχώρου προβάλλουν advertisements που ενημερώνουν το υποψήφιο θύμα που χρειάζεται να ενημερώσει το Flash Player, οδηγώντας τον κάθε ευκολόπιστο σε μια κακόβουλη ιστοσελίδα για την λήψη.
According to Avast's analysis, malicious software asks for administrator privileges, making it very difficult to remove it from the device.
The message for the ransom it claims to be an alert from the FBI stating that the device contains suspected copyright-infringing files. Of course, the device's data is already encrypted and will be unlocked if the owner pays 200 euros.
The security firm reports that the current version of Simplocker connects to the administration and control server every hour using the XMPP communication protocol. At first contact with the server, malware sends data such as IMEI, operating system version, carrier name, phone number, and country.
