
This Android ransomware accuses you of watching child porn

New English edition of trojan now comes with friendly warning from the FBI.

By Jimmy Nicholls

SimpleLocker ransomware for Android has been given an English release following a significant update, according to security firm ESET.

A variant of the trojan discovered by the company locks mobile phone files before showing a fake warning from the Federal Bureau of Investigation (FBI) and demanding that victims pay $300 to avoid criminal charges over child and animal pornography.

Robert Lipovsky, security intelligence team leader at ESET, said: "From a technical perspective, the file-encrypting functionality remains virtually unchanged, apart from using a different encryption key, but this recent SimpleLocker variant does contain two additional tricks to make the victim’s life more miserable."

According to ESET, the virus is now able to encrypt archives such as Zip, 7z, and RAR, a particular problem since backup tools are often stored inside such files.

It also asks for administrator privileges while being installed, potentially giving it the power to alter password policies or remotely wipe other devices, according to Lipovsky.

"As usual, the trojan will use social engineering to trick the user into installing it," he said, showing a screenshot of the virus posing as a Flash video player.

"Our Android SimpleLocker detection statistics until today don’t indicate the threat to be widespread in English speaking countries," he added.

A proof of concept for the malware was originally released in June targeting Russian and Ukrainian mobile users, and has since been circulating on underground forums.

Following its release, Sussex University student Simon Bell decrypted the ransomware after spotting the password hidden in the code.

"Future versions of the ransomware will probably not reveal the decryption password so easily and will likely receive it from the C&C [command and control] server," he said.
