A new version of Simplocker, the first ransomware that appeared on Android devices, is currently being released, security researchers report.
The first version of the malware was discovered in 2014 by ESE and Kaspersky. Although many editions were released in the Internet, all used an encryption method that allowed security researchers to have an antidote in a very short time.
The latest version, however, seems to be very sophisticated, according to researchers from Avast, who found that no solution can be found to decrypt the data of the infected devices, or at least it is not an easy task.
However, over 5.000 unique users are infected only a few days after the release of the new version.
Previous versions of malicious software used a unique key to lock files on victims' devices.
"The new variant, however, locks each device with a 'different key', which makes it impossible to provide a solution that can unlock the infected device, because it requires discovering all the different keys it uses," said Nikolaos Chrysaidos. Avast.
Its dissemination Simplocker is done with the common malware masking method in a legitimate program for the mobile platform.
According to the researchers, the malicious sample uses Flash Player as a disguise. Cybercriminals serve ads informing the prospective victim that they need to update their Flash Player, leading any gullible person to a malicious websiteσελίδα for downloading.
According to analysis by Avast, the malware it asks for administrator privileges, ensuring that it will be very difficult to remove from the device.
The message about the ransom claims that it is an FBI notice stating that the device contains suspicious files that are infringing. Of course, the device data has already been encrypted and will be unlocked if the owner pays 200 euro.
The security firm reports that the current version of Simplocker connects to the administration and control server every hour using the XMPP communication protocol. At first contact with the server, malware sends data such as IMEI, operating system version, carrier name, phone number, and country.