A new malware, specifically a ransomware, is in town and this time it does have a bit of teeth. This Simplelocker.A doesn’t exactly lock you out of your smartphone but it encrypts files on your SD card so that you are practically locked out of your data instead.
This malware was spotted and reported by ESET, makers of a suite of security and anti-virus apps for PCs and mobile platforms. Android isn’t exactly immune from attacks and its popularity only makes it an even bigger target. This is definitely not the first, nor sadly the last, ransomware, that specifically targets our favorite mobile platform. Just last month, the Koler.A malware was reported. This one practically displayed a large window that blocked access to your phone until the you paid a certain sum, or at least until you find other means to remove the app that brought it along. Despite that, the malware didn’t do much to your device, but this latest one could.
Simplelocker.A rode on an app called “Sex xionix”, whose name alone should already clue you in. Naturally, the app isn’t on Google Play Store and whoever opts to still install the app via other means probably has it coming. What the malware then does is encrypt most types of files found on the device’s SD card, including MP4’s, documents, text files, images, and more. It then displays a windows that informs the users that his or her device has been locked due to viewing illegal pornographic material and instructs them to pay around $21 to regain access. Of course, the payment is to be made via untraceable channels. Based on ESET’s analysis of the malware’s code, the malware itself doesn’t contain the decryption key and most likely receives the command from an anonymous server once the payment has been made. In short, there is no assurance that the malware source will actually keep their part of the bargain.
This situation might make for a good case to favor Google’s recent moves to block unmitigated write access to files and folder stored in external memory. Of course, Google might also be throwing the baby out with the water, making that strategy still open for debate. That said, considering the way the malware can be installed, the user shares part of the blame for any damage that might ensue. Luckily, ESET believes that Simplelocker.A, as it is now, isn’t yet strong enough and looks more like a proof-of-concept but advises users to install legitimate security programs nonetheless. And maybe exercise a bit of common sense as well.