Trojan app encrypts files on Android devices and asks for ransom

Trojan app encrypts files on Android devices and asks for ransom

تاریخ ایجاد

Number: IRCNE2014062209
Date: 2014-06-07

According to “computerworld”, the ransomware model is increasingly being adopted by cybercriminals who target mobile users, one of their latest creations being able to encrypt files stored on the SD memory cards of Android devices.

A new threat dubbed Android/Simplock.A was identified by researchers from antivirus firm ESET over the weekend and while it's not the first ransomware program for Android, it is the first one seen by the company that holds files hostage by encrypting them.

"Android/Simplocker.A will scan the SD card for files with any of the following image, document or video extensions: jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypt them using AES [the Advanced Encryption Standard]," the ESET researchers said Wednesday in a blog post.

The malware will then display a ransom message in Russian asking for a payment of $21.40 to be made through a service called MoneXy, suggesting that, at least for now, this threat targets users in Russian-speaking countries.

Using encryption to hold files hostage is a technique made popular among malware writers by Cryptolocker, a Windows ransomware program that infected more than 250,000 computers during the last three months of 2013.

The new threat masquerades as an application called "Sex xionix," but it wasn't found on Google Play and its distribution so far is most likely low.

Another interesting aspect of Simplock.A is that it uses a .onion command-and-control (C&C) domain address. The .onion pseudo-top-level domain is only used inside the Tor anonymity network for accessing so-called hidden services.

برچسب‌ها