Malware that encodes ___ ___ ___ ___ ___ 0 ___ ___ 0
By Pedro veneroso
In May 2014, iPhones were locked remotely in a hack that held smartphones "hostage" for ransom, showing the message "If you want it unlocked, deposit money via PayPal". Now an application has been discovered on Android as well that contains malicious malware which encrypts smartphone data, holds that data "hostage", and demands a ransom.
ESET analyzes Simplocker Android malware
http://www.welivesecurity.com/2014/06/04/simplocker/
◆Data encryption malware
Security software company ESET has announced on its official blog the existence of Android/Simplock.A, malware that encrypts data such as photos and movies on Android smartphones and displays an on-screen warning saying "transfer money if you want the data decrypted", and is calling for attention.
When Android/Simplock.A is executed on an Android device, it scans the SD card for files with the extensions jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp and mp4, encrypts them with AES, and then displays a warning alert saying "transfer money if you want the encryption removed".
The following image is the warning alert displayed by Android/Simplock.A. The message demanding the ransom is written in Russian and specifies payment in Ukraine's currency, the hryvnia.
This device has been locked for viewing child pornography, zoophilia and other perverted content. To release the lock you need to pay 260 UAH (about 2200 yen).
1. Check the location of the nearest kiosk terminal
2. Select "MoneXy"
3. Tap "REDACTED"
4. Transfer 260 UAH
Do not forget to take the receipt. After the remittance is completed, the lock will be released within 24 hours. If there is no payment, all data on the device will be lost!
According to ESET's analysis, Android/Simplock.A transmits device identification information such as the IMEI to an external server, and that destination turns out to be on Tor, a highly anonymous encrypted network.
ESET speculates that Android/Simplock.A targets users in Russia and Ukraine, because its alert is written in Russian and demands payment in Ukrainian currency. In addition, Android/Simplock.A was discovered as an application called "Sex xionix", which is not distributed on the Google Play store, that is, a so-called "unknown source" application. It is therefore thought that not many devices are infected with Android/Simplock.A yet.
◆Ransomware measures
Malware that demands a ransom is called "ransomware". In addition to ransomware that encrypts data, like Android/Simplock.A, there is lock-type malware that locks the device and makes it unusable, and this type is also showing signs of spreading worldwide. With lock-type ransomware, it is difficult to uninstall the application that locked the screen, because the device cannot be operated at all.
Therefore, when an Android device is locked by ransomware and becomes inoperable, it can be effective to try uninstalling the application using the "safe mode" function, which starts the device with applications stopped. It costs nothing to remember this for an emergency.
To start a Nexus 5 in Safe Mode, press and hold the power button, then long-press "Power off".
A window saying "Reboot and change to safe mode" is then displayed, so tap "OK" to restart.
After rebooting, if "Safe mode" is displayed at the bottom left of the screen, the device has successfully started in safe mode. In Safe Mode, all third-party applications are disabled, so screen-lock ransomware does not run and the offending application can be uninstalled.
Some Android devices enter Safe Mode when you press and hold the "Restart" icon instead of the "Turn off" icon, so if pressing and holding the "Turn off" icon does not work, press and hold the "Restart" icon.
In any case, prevention is what matters in keeping a smartphone from being taken hostage by ransomware: pay attention to the permissions displayed when installing an application, and do not install suspicious applications such as those from unknown sources.
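The advice above about unknown-source applications can be checked on a device. The following is an added example, not part of the original article or ESET's analysis: it parses the output of `adb shell pm list packages -3 -i` (third-party packages with their recorded installer) and lists those not installed by Google Play. The package names and sample output are constructed, and treating only `com.android.vending` as trusted is an assumption.

```python
import re
import subprocess

# Installers treated as trusted stores here (an assumption; adjust as needed).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

# Constructed sample of `adb shell pm list packages -3 -i` output
# (hypothetical package names, not taken from a real device).
SAMPLE_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:org.example.player  installer=null
package:com.example.sideloaded  installer=com.google.android.packageinstaller
"""


def parse_installers(output):
    """Return {package: installer or None} from `pm list packages -i` output."""
    result = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and adb warnings
        installer = m.group("installer")
        result[m.group("pkg")] = None if installer == "null" else installer
    return result


def sideloaded(output, trusted=TRUSTED_INSTALLERS):
    """Packages whose recorded installer is missing or not a trusted store."""
    installers = parse_installers(output)
    return sorted(pkg for pkg, inst in installers.items() if inst not in trusted)


def query_device():
    """Run the listing on a connected device; needs adb and USB debugging."""
    cmd = ["adb", "shell", "pm", "list", "packages", "-3", "-i"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Swap SAMPLE_OUTPUT for query_device() to audit a real device.
    for pkg in sideloaded(SAMPLE_OUTPUT):
        print("review before keeping installed:", pkg)
```

A flagged package is not necessarily malicious; the list only narrows down which applications came from outside the store and deserve a look at their requested permissions.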