The company said that of all mobile-coders of malicious programs are one of the least popular program categories. Earlier mobile virus writers used other methods of blocking devices to extort Dene, preferring not to touch the files. For example, malicious programs and Android.Defender Android.Koler used different methods to blackmail a screen lock users.
In turn, the new malware Android / Simlocker.A scans the SD-card for files with the extension jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypts them using the algorithm AES (Advanced Encryption Standard). The code displays a message to users that need to be transferred to reviewers code 260 Ukrainian hryvnia through service to decrypt MoneXy smartphone or tablet.
similar method uses blackmail malicious Cryptolocker, but this code is focused on a PC running Windows. Previously, the author was arrested by the FBI Cryptolocker U.S..
In Eset say Simlocker authors used a relatively simple technique for encryption, but the very existence of such a code – a kind of proof-of-concept. That is, in the future, you can likely expect to see more advanced designs.
Eset says its code was discovered by experts from within the app Sex xionix, which is not available through Google Play and while the extent of contamination Simlocker, likely are small.
Another interesting point is the use of Simlocker Tor-communications. Command server code that uses the extension. Onion and is not available from the regular internet. By Tor-channels malware sends IMEI-number of mobile device and receives data to encrypt information.
Embed in blog: