Yesterday at 17:28, views: 21559
Trojan called Android / Simplock.A. Malicious software is blocking devices followed ransom for unlocking gaining popularity in mobile environments, but the sample – the first, which implements encryption of files stored on the SD-card. Previously detected program extortionists under Android, Android Defender or say Android.Koler, used machinery blocking the screen and continuous alerts that do not work with the device as possible.
Android / Simplocker.A after penetrating the system scans the map memory to the availability of documents, images, videos (endangered files jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4) and encrypts them using AES. Then displays the message in Russian ransom of $ 22, which requires transfer through the service MoneXy.
As emphasized in ESET, used in the implementation Simplock.A encryption is not like the techniques used previously in Cryptolocker. In addition, the Trojan uses the management server in the domain name zone. Onion (pseudo-top-level domain, designed to provide access to anonymous or pseudo-anonymous addresses network Tor). It is reported by “Computer Review”.