A new version of Simplocker, the first ransomware that appeared on Android devices, is currently being released, security researchers report.
The first version of the malware was discovered by 2014 from ESE and Kaspersky. Although many versions were released on the internet, they all used a cryptographic method that allowed security researchers to have an antidote in a very short space of time.
The latest version, however, seems to be very sophisticated, according to Avast researchers, who have found that a decryption solution for the infected device can no longer be found, at least not an easy task.
However, over 5.000 unique users are infected only a few days after the release of the new version.
Previous versions of malicious software used a unique key to lock files on victims' devices.
"The new variant, however, locks each device with a 'different key', which makes it impossible to provide a solution that can unlock the infected device, because it requires discovering all the different keys it uses," said Nikolaos Chrysaidos. Avast.
Its dissemination Simplocker is done with the common malware masking method in a legitimate program for the mobile platform.
According to the researchers, the malicious sample uses Flash Player as a disguise. Cybercriminals are displaying ads informing the candidate victim who needs to update Flash Player, leading him / her to a malicious website for download.
According to Avast's analysis, malicious software asks for administrator privileges, making it very difficult to remove it from the device.
The message about the ransom claims that it is an FBI notice stating that the device contains suspicious files that are infringing. Of course, the device data has already been encrypted and will be unlocked if the owner pays 200 euro.
Registration in iGuRu.gr via Email
The security firm reports that the current version of Simplocker connects to the administration and control server every hour using the XMPP communication protocol. At first contact with the server, malware sends data such as IMEI, operating system version, carrier name, phone number, and country.