Once on the smartphone, Simplocker checks the file system on the tablet or smartphone availability of images, documents and video files with the extension jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4. Finding desired, the program encrypts the file using a symmetric encryption algorithm AES, and then shows the user a message to pay the “ransom”.
According to “Kaspersky Lab”, the bulk of new virus infections fell to Russia and Ukraine, but at risk were more than ten countries. Among them – Azerbaijan, Belarus, Georgia, Kazakhstan, Tajikistan, Uzbekistan, Canada, Germany, Greece, South Korea and Singapore.
The message that appears on the screen and locked the infected smartphone, attackers need to pay a “fine “threatening to publish user data public sources. Programming for residents of Russia “fine” is 1000 rubles, Ukrainian require 250 hryvnia (about 750 rubles).
for ransom attackers use electronic wallets or regular money transfer to your mobile phone. In ESET note that Simplocker offers sacrifice to pay the ransom through MoneXy. Unlike conventional payment systems that work with credit cards, customers of the service is difficult to track.
malicious program is distributed under the guise of fake porn site video player. Also documented cases of masking the virus under games or useful applications for Android. Experts warn that if the infection can not send money to fraudsters. “All of us discovered Trojan version contain the key, knowing that you can decrypt all files” – say in the “Kaspersky Lab”.