Skip to main content

Android file-encrypting ransomware app now a reality

Meet the Simplocker

After a number of false alarms, Simplocker, the first true file-encrypting ransomware app, has now landed on Android and it is a nasty one.

Recent pseudo-malware apps that landed on Android had hitherto been fake ones, betting on the user's gullibility to extract a ransom.

Android defender for example threatened to encrypt files but only managed to display a lockscreen.

Security vendor ESET recently discovered this one and hides its location by using a C&C (command and control) server hosted on a TOR domain.

Malware researcher Robert Lipovsky wrote in a post on ESET's blog that the malware is likely to be a proof-of-concept and "doesn't come close to Cryptolocker on Windows".

Once on the victim's device, it scans the SD card for a number of file types, encrypts them and demand a ransom to decrypt them again.

Lipovsky says that the prevalence of the malware, which emanates from Russia, is low in the wild and likely to be found outside the official Google Play.