New Smartphone Virus Alert: Android Trojan Locks Your Photos and Files, Asks for Ransom to Get Them Back
A new trojan virus is hitting Android devices and it is locking users' files and photos. The trojan scans the phone's hard drive and external memory cards for certain files and then locks them.
Cybercriminals are becoming increasingly more sneaky as they are now finding a way to infect smartphones in addition to computers.
In the past, viruses like Android Defender, found last June, and Android.Koler, found in May, attacked the lock screen and constantly sent alerts to smartphones. This trojan is much more advanced than those.
"Android/Simplocker.A will scan the SD card for files with any of the following image, document or video extensions: jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypt them using AES [the Advanced Encryption Standard]," the ESET researchers said Wednesday in a blog post.
After these types of files are locked, mostly photos, text files and songs, the user is then prompted, in Russian, to send about $21 through a service called MoneXy. For now, victims in Russian-speaking countries are the most in danger of this trojan.
A translated version of the message reads:
""WARNING your phone is locked!
The device is locked for viewing and distribution child pornography , zoophilia and other perversions.
To unlock you need to pay 260 UAH.
1. Locate the nearest payment kiosk.
2. Select MoneXy
3. Enter {REDACTED}.
4. Make deposit of 260 Hryvnia, and then press pay."
"Do not forget to take a receipt!
After payment your device will be unlocked within 24 hours.
In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!"
Cryptolocker was one of the first malicious programs to lock files and demand a ransom. This hit computers running Windows in 2013.
"Our analysis of the Android/Simplock.A sample revealed that we are most likely dealing with a proof-of-concept or a work in progress-for example, the implementation of the encryption doesn't come close to 'the infamous Cryptolocker' on Windows," the ESET researchers wrote.
Users should be careful of the apps they download from Android devices. In particular, the "Sex xionix" app is likely disguising itself as an app and when a user opens it, the trojan starts ravaging their phone.
Experts say that users should not be fooled into paying the ransom to get their files unlocked.
"While the malware does contain functionality to decrypt the files, we strongly recommend against paying up--not only because that will only motivate other malware authors to continue these kinds of filthy operations, but also because there is no guarantee that the crook will keep their part of the deal and actually decrypt them," the ESET researchers wrote.
In other security news, Google recently released a Chrome add-on called "End-to-End" that should give Chrome users an extra layer of protection for their sensitive and private information.
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!