A new parchange του Simplocker, το πρώτο ransomware που εμφανίστηκε για συσκευές Android, κυκλοφορεί αυτή τη στιγμή, αναφέρουν researchers security.
The first version of the malware was discovered by 2014 from ESE and Kaspersky. Although many versions were released on the internet, they all used a cryptographic method that allowed security researchers to have an antidote in a very short space of time.
The latest version, however, seems to be very sophisticated, according to Avast researchers, who have found that a decryption solution for the infected device can no longer be found, at least not an easy task.
However, over 5.000 unique users are infected only a few days after the release of the new version.
Previous versions of malicious software used a unique key to lock files on victims' devices.
"However, the new variant locks each device with a 'different key', which makes it impossible to provide a solution that can unlock the infected device, because this requires discovering all the different keys that uses” reports Avast's Nikolaos Chrysaidos.
Its dissemination Simplocker is done with the common malware masking method in a legitimate program for the mobile platform.
According to the researchers, the malicious sample uses Flash Player as a disguise. Cybercriminals are displaying ads informing the candidate victim who needs to update Flash Player, leading him / her to a malicious website for download.
According to Avast's analysis, the malware it asks for administrator privileges, ensuring that it will be very difficult to remove from the device.
The message about the ransom claims that it is an FBI notice stating that the device contains suspicious files that are infringing. Of course, the device data has already been encrypted and will be unlocked if the owner pays 200 euro.
Η εταιρεία ασφαλείας αναφέρει ότι η τρέχουσα έκδοση του Simplocker συνδέεται με το διακομιστή διοίκησης και ελέγχου κάθε μια ώρα, χρησιμοποιώντας το protocol XMPP communication. On first contact with the server the malware sends data such as IMEI, operating system version, carrier name, phone number and country.
