Saturday, June 7, 2014

“Colleague» Cryptolocker aimed at English-speaking users Android – Telecompaper


ESET warns of Trojan extortion mobile on Android – Simplocker.

threat aimed at the citizens of Ukraine and can be re-oriented in all English-speaking users of Android-devices.

Android / Simplocker.A encrypts user files, blocking access to the device and demands a ransom for the decryption. While blocking message is written in Russian, and the amount specified in the redemption Ukrainian hryvnias.

Simplocker running extortion scheme, which is widely distributed in the environment of Windows. ESET experts found that the authors of Android-extortionist come close to the concept of a known virus Cryptolocker, detected at about the same time.

Simplocker distributed under the guise of applications «Sex xionix» on torrent trackers and other mobile platforms applications.

Once installed, it checks the file system tablet or smartphone on the availability of images, documents and video files with the extension jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 . Finding desired, the program encrypts the file using a symmetric encryption algorithm AES.

By blocking device, Simplocker offers sacrifice to pay the ransom through MoneXy – unlike conventional payment systems that work with credit cards, customers of the service is difficult to track .

blocking message does not contain a specific field for entering the code, proof of payment. Instead Simplocker interacts with a remote server, waiting for information from him about the transfer of funds, as well as send information about the device, eg, IMEI-identifier. URL of the server is located on the domain. Onion, owned by anonymous network TOR, which also complicates the search for intruders.

ESET virus laboratory experts recommend not to install the application on your mobile device from untrusted sources, regularly back up your data, as well as protect smartphone or tablet mobile Antivirus.

© Elena Golubeva, SOTOVIK

‘+ / /’