ESET security intelligence team lead Robert Lipovsky reported uncovering the evolved malware in a blog post, revealing that the ransomware has received a variety of technical upgrades.
"Last week we spotted a variant of the ransomware that featured a few significant improvements. The first change that meets the eye in Android/Simplocker is that the ransom message is now in English rather than Russian," read the post.
"Secondly, the malware now asks to be installed as Device Administrator, which makes it a lot more difficult to remove."
Ransomware is a form of malware that locks infected machines to a specific screen. The attackers usually demand payment from the victim before unlocking the machine.
The new Simplocker reportedly demands that victims pay USD $300 using a MoneyPak voucher to unlock infected devices, a marked increase on the $21 demanded by many previous variants.
Lipovsky said the malware is doubly dangerous, as it encrypts files stored on handsets' SD cards as well as their internal storage, and attempts to scare the user by hijacking control of the phone's front camera.
"In addition to encrypting documents, images and videos on the device's SD card, the Trojan now also encrypts archive files: ZIP, 7z and RAR. This 'upgrade' can have very unpleasant consequences," read the post.
"This one also uses the scareware tactic of displaying the camera feed from the device."
Like past ransomware, the new Simplocker variant attempts to dupe victims into paying by masquerading as a message from the US FBI.
"The victim is led to believe that the device was blocked by the FBI after detecting illegal activity – child pornography and so on – typical behavior of police ransomware that we've seen many times before," explained Lipovsky.
Ransomware is increasingly common, and Microsoft reported in May that the number of cyber attacks using the infamous Reveton ransomware has doubled over the past year.